Privacy Policy
Last updated: on deployment. Operated by Zahaib Ali.
WP Multi-Site Console ("the Service") lets agencies manage WordPress sites and connected Google and Meta advertising accounts on behalf of their clients. This policy explains what data the Service stores and how it is used.
Information we store
- Account data — the name and email of each agency and client user, and a hashed password.
- WordPress credentials — site URLs, usernames and application passwords for the WordPress sites you connect. Application passwords are encrypted at rest.
- Google account data — when you connect Google Search
Console, we store the OAuth tokens Google issues, encrypted at rest. We
access only Search Console data (site performance, queries, pages, URL
index status) using the read-only
webmasters.readonlyscope, and your email address to show which account is connected. - Meta account data — when you connect Meta Ads, we store the OAuth token Meta issues, encrypted at rest, and use it to read and manage the ad accounts you have access to.
How we use it
Stored credentials and tokens are used solely to perform the WordPress, Search Console and Meta Ads actions that you or your team request through the Service. We do not use this data for advertising, profiling, or any purpose unrelated to operating the Service.
Limited Use — Google user data
WP Multi-Site Console's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Google user data is not sold, not transferred except as needed to provide the Service, not used for advertising, and not read by humans except with your consent, for security, or as required by law.
How it is stored and shared
Data is stored in a managed database. Credentials and OAuth tokens are encrypted at rest. We do not sell your data. We share it only with the infrastructure providers that host the Service, as needed to run it.
Retention and deletion
You can remove sites and disconnect Google/Meta accounts at any time, which deletes the associated stored credentials. You may request deletion of all your data via the data deletion page. Account data is removed when an account is closed.
Contact
Questions about this policy: info@zahaibali.com.
This is a working draft describing the Service accurately. Have it reviewed by a legal professional before submitting the app for Meta App Review or Google OAuth verification.