What this page is for
When you install SysWP on your website, your visitors' performance data flows through our infrastructure. Under GDPR and LGPD, you are the Data Controller — you're responsible for informing your visitors. SysWP is your Data Processor. This page gives you exactly what you need to stay compliant: a full data inventory, ready-made privacy policy text, and a compliance checklist.
1 Data SysWP collects on your visitors' behalf
This is the full inventory of what is recorded when your visitors load a page on your site with the SysWP snippet or plugin active.
| Data | Example value | Legal basis | Retention | JS only | WP plugin |
|---|---|---|---|---|---|
| Visitor IP address | 203.0.113.42 | Legitimate interest (security, abuse prevention) | 3 months | ✓ | ✓ |
| Page URL visited | /blog/my-post | Contract / service delivery | 3 months | ✓ | ✓ |
| HTTP Referer | https://google.com | Legitimate interest (traffic analysis) | 3 months | ✓ | ✓ |
| Browser User-Agent | Chrome/120 on macOS | Legitimate interest (compatibility analytics) | 3 months | ✓ | ✓ |
| Browser language | en-US | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| Timezone | America/New_York | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| Device type | mobile | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| Screen & viewport size | 390×844 | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| CPU cores | 4 | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| Device memory | 4GB | Legitimate interest (performance analytics) | 3 months | ✓ | ✓ |
| Web Vitals (LCP, CLS, INP) | LCP 1.8s / CLS 0.02 | Contract / service delivery | 3 months | ✓ | ✓ |
| Page generation time | 120ms | Contract / service delivery | 3 months | — | ✓ |
| PHP memory usage | 24MB / 256MB limit | Contract / service delivery | 30 snapshots | — | ✓ |
| SQL query count & time | 18 queries / 42ms | Contract / service delivery | 30 snapshots | — | ✓ |
| WordPress user role (if logged in) | editor | Legitimate interest (authenticated-user analytics) | 3 months | — | ✓ |
| WP events (logins, publishes, orders) | post.publish by admin | Legitimate interest (audit log) | 30–90 days | — | ✓ |
| Installed plugins & themes (names only) | WooCommerce 8.5 | Contract / service delivery | 30 snapshots | — | ✓ |
No cookies set — the JS snippet uses navigator.sendBeacon and sets zero cookies on your visitors' browsers.
No cross-site tracking — data is only collected for the specific site it's installed on. We never combine data across different websites.
No profiling or advertising — we never use visitor data for advertising, remarketing, or user profiling of any kind.
2 Ready-made text for your Privacy Policy
Copy one of the blocks below and paste it into your site's privacy policy page. Choose the block that matches how you use SysWP.
Performance Monitoring This website uses SysWP (syswp.pro) to monitor page performance and real user experience. When you visit a page, SysWP automatically collects the following technical data: - Your anonymised IP address - The URL of the page visited and HTTP referer - Your browser, device type, screen resolution, and operating system - Browser language and timezone - Web performance metrics (page load time, visual stability, interactivity scores) This data is used exclusively to analyse and improve website performance. It is not used for advertising, profiling, or tracking across other websites. No cookies are set by SysWP. Data is stored on SysWP's servers for up to 3 months, then permanently deleted. SysWP acts as a data processor on our behalf under a Data Processing Agreement. For more information, see SysWP's privacy policy at https://syswp.pro/privacy. Legal basis: Legitimate interest (GDPR Art. 6(1)(f) / LGPD Art. 7 IX) — improving website performance for all visitors.
Performance Monitoring This website uses SysWP (syswp.pro) to monitor page performance, server health, and real user experience. When you visit a page, SysWP automatically collects the following data: Visitor data: - Your anonymised IP address - The URL of the page visited and HTTP referer - Your browser, device type, screen resolution, and operating system - Browser language and timezone - Web performance metrics (page load time, visual stability, interactivity scores) Server-side technical data (not personal, not shared with visitors): - PHP execution time, memory usage, and SQL query count per page - WordPress version, installed plugin names, and server software - Database health metrics (table sizes, overhead) Visitor data is stored on SysWP's servers for up to 3 months. Server-side snapshots are retained for the last 30 records. No cookies are set by SysWP on visitor browsers. If you are logged in to WordPress as an administrator or editor, your WordPress user role is included in performance reports for filtering purposes. Your username and email are never sent to SysWP. SysWP acts as a data processor on our behalf under a Data Processing Agreement. Legal basis: Legitimate interest (GDPR Art. 6(1)(f) / LGPD Art. 7 IX).
Performance Monitoring This website uses SysWP (syswp.pro) to monitor page performance, server health, and real user experience. When you visit a page, SysWP automatically collects the following data: Visitor data: - Your anonymised IP address - The URL of the page visited and HTTP referer - Your browser, device type, screen resolution, and operating system - Browser language and timezone - Web performance metrics (page load time, visual stability, interactivity scores) Server-side technical data: - PHP execution time, memory usage, and SQL query count per page - WordPress and WooCommerce version, installed plugin names, and server software - Database health metrics (table sizes, overhead) WooCommerce activity log: - New order events (order ID and status only — no payment details, customer names, or personal information) - Product publish and update events Visitor data is stored for up to 3 months. Activity log events are retained for 30–90 days depending on plan. No cookies are set by SysWP on visitor browsers. No payment information is ever transmitted to SysWP. SysWP acts as a data processor on our behalf under a Data Processing Agreement. Legal basis: Legitimate interest (GDPR Art. 6(1)(f) / LGPD Art. 7 IX).
3 Data Processing Agreement (DPA)
GDPR Art. 28 and LGPD Art. 39 require a formal written agreement between the Data Controller (you) and the Data Processor (SysWP). Our Terms of Service already includes DPA clauses by reference, but you can request a standalone signed DPA for your records.
What the DPA covers
- Subject matter and nature of processing
- Purpose of processing (performance monitoring)
- Type of personal data and categories of data subjects
- Duration of processing
- Obligations and rights of the controller (you)
- Sub-processors used by SysWP (Stripe, ip-api.com)
- Data breach notification obligations
- Data subject rights (access, deletion, portability)
Request a signed DPA
We'll email you a PDF DPA pre-filled with your account details, ready to sign and file.
Request DPA via emailSub-processors
SysWP uses the following third-party services to deliver the product. All sub-processors are bound by data processing agreements with SysWP.
| Sub-processor | Purpose | Data sent | Location |
|---|---|---|---|
| Stripe | Payment processing | Billing info only (no visitor data) | USA / EU (SCC) |
| ip-api.com | IP geolocation (country/city only) | Visitor IP address | EU |
| Google PSI | PageSpeed Insights scans | Your domain URL only | USA / EU (SCC) |
4 Your compliance checklist
Work through these items to ensure your site is compliant. Your progress is saved in this browser.
Use the text blocks in Section 2 above.
GDPR requires the policy to be "easily accessible".
Use the button in Section 3. Keep the signed copy on file.
Add your contact email or a data request form to your Privacy Policy.
SysWP sets no cookies, so it doesn't require consent — but verify your CMP isn't blocking the script.
Especially relevant for sites with employee logins (the WP plugin logs WordPress user events).
See the data inventory table in Section 1.
0 of 7 completed