ranger/rangerhq-radio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Page: Privacy
Pages
Architecture FAQ Family Home Privacy Stations The 4 Buttons
Clone
1
Privacy
David Keane edited this page 2026-06-09 02:32:38 +01:00
Table of Contents

Privacy

TL;DR

RangerHQ Radio stores everything per-user on your own WordPress site. The only external service contacted is SomaFM, for the audio stream + the public now-playing metadata. Nothing else, nowhere else.

What is stored on your WordPress site

In wp_usermeta, one row per admin user under three meta keys:

Key Shape Notes
radio_state { station_id, volume } Last picked station + last volume
radio_history Array of { artist, title, station, station_id, at } FIFO, capped at 500 entries
radio_favourites Array of { artist, title, station, station_id, at } Uncapped, user-starred tracks

Per-user, multi-admin-friendly: Alice's history is independent of Bob's. WordPress's user-meta API enforces this.

What is NOT stored

  • No IP addresses
  • No browser fingerprints
  • No session IDs beyond what WordPress already manages
  • No page-view counters
  • No interaction logs (every play / pause / skip)
  • No tracking cookies set by the plugin
  • No analytics of any kind

Outbound network requests

The plugin contacts only somafm.com and SomaFM's stream subdomains:

Endpoint When Why
Direct stream URLs (e.g. https://ice1.somafm.com/groovesalad-128-mp3) Continuous while playing The actual audio
https://somafm.com/songs/<channel-id>.json Every 25 seconds while playing Public now-playing track metadata

That's it. No other server is contacted by RangerHQ Radio. No telemetry, no analytics, no error reporting, no font CDN, no image CDN (station artwork is served by SomaFM directly when you view their site, but the player itself uses static URLs).

Your WordPress server's IP is naturally observable by SomaFM as part of routine HTTP serving — exactly the same as if you visited https://somafm.com in a browser tab. Nothing identifying the WordPress installation is sent.

Verify the audit yourself:

grep -rn "wp_remote_\|file_get_contents.*http\|curl_init" inc/ radio.php
grep -rn "fetch(\|XMLHttpRequest" assets/js/

You'll find wp_remote_* is not used at all (the audio + metadata is fetched directly by the browser's HTML5 audio element + a JS fetch() in radio.js, both client-side). The JS makes two kinds of requests: SomaFM's metadata endpoint, and your own WordPress's admin-ajax.php for track logging.

The 4-button search links

Every track in your History tab has four buttons: Spotify, YouTube, Apple Music, Bandcamp. Each is a plain HTML <a href> link that opens that service's public search results page in a new browser tab. See The 4 Buttons for the full explanation.

RangerHQ Radio does not embed any third-party SDK, player, tracker, or analytics code. The extension does not communicate with Spotify, YouTube, Apple Music, or Bandcamp servers in any way. When you click one of the buttons, you are simply navigating to a public search URL. Anything that happens after that is between you, your browser, and the destination site.

Multi-admin sites

Each WordPress user gets their own three wp_usermeta rows (radio_state / radio_history / radio_favourites). Alice's history is private to her; Bob can't see it; the WP-options-level "everyone shares one player" anti-pattern is avoided.

How to wipe everything

Three options:

  1. The plugin's own "Clear history" button on the History admin page — clears the user's radio_history row. Favourites preserved.

  2. Deactivate + delete the plugin through WP admin. WordPress will leave the wp_usermeta rows in place by design (so reinstalling restores your data). To wipe them manually:

    DELETE FROM wp_usermeta
WHERE meta_key IN ('radio_state', 'radio_history', 'radio_favourites');

  3. Delete the user. wp_delete_user() removes all wp_usermeta for that user. Your radio data goes with them.

Children's privacy

RangerHQ Radio is a WordPress administrator-only feature. Visitors of the public site cannot access it. Admin access requires a WordPress account, which means the user is authenticated. No data is collected about anyone of any age.

Compliance notes

  • GDPR: No personal data is processed beyond what WordPress already stores. WordPress's existing GDPR tools (wp_export_personal_data, wp_erase_personal_data) pick up the three radio_* usermeta rows because they're standard usermeta.
  • CCPA, LGPD, PIPEDA, etc.: Same logic. No collection, no sharing, no third-party processors.

Contact