SysWP |

Privacy Policy

Last updated: March 27, 2026

1. Introduction

SYSWP ("Company", "we", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our web performance monitoring platform ("Service"). This policy is compliant with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018) and international best practices.

2. Data Controller

SYSWP is the data controller for information processed through this Service. For any questions regarding data processing, contact us at support@syswp.pro.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored as a bcrypt hash, never in plain text)
  • Phone number (optional, for WhatsApp alerts)
  • Preferred theme setting (dark/light)

3.2 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We only store your Stripe Customer ID for subscription management.

3.3 Real User Monitoring (RUM) Data

When you install our JavaScript snippet or WordPress plugin on your website, we collect the following data from your website visitors:

Data Type Examples Purpose
Performance Metrics LCP, FCP, CLS, TTFB, INP, FID Measure real page load performance
Device Information Screen size, CPU cores, device memory Segment performance by device capability
Browser Information User agent, language, platform Classify visitors and detect bots
Network Information IP address, referrer URL, timezone Geolocation analytics, traffic source analysis
Page URL The URL being visited Page-level performance analysis

3.4 WordPress Plugin Data

If you install our WordPress plugin, we additionally collect:

  • WordPress version, PHP version, MySQL version
  • Server software and configuration
  • Installed plugins and themes (names and versions only)
  • Database health metrics (table sizes, overhead, autoload data)
  • Per-request metrics (query count, memory usage, page generation time)
  • WP-Cron scheduled events
  • SSL certificate information (issuer, expiry date, protocol)
  • Smart Firewall / Intelligence WP Threat Monitor status (if installed)

This data is used exclusively to provide performance recommendations and optimization suggestions. We do not access, read, or store any content from your posts, pages, comments, or user data.

3.5 Remote Login

When you use the "Login to WP Admin" feature, a one-time authentication token is generated on your WordPress site. This token expires in 60 seconds, is single-use, and is stored in hashed form. We log the date, time, and IP address of each remote login for security auditing. We never store or transmit your WordPress password.

4. How We Use Your Data

  • Provide the Service — Display performance dashboards, generate reports, track uptime
  • Send Alerts — Email and WhatsApp notifications when performance drops below your threshold
  • Geolocation — Resolve IP addresses to country/city for traffic analytics (via ip-api.com and local cache)
  • Bot Detection — Classify visitors as humans, search engine bots, or AI crawlers using user agent analysis
  • Optimization Recommendations — Analyze server configuration and database health to suggest improvements
  • Billing — Process payments and manage subscriptions through Stripe

5. Data Storage and Retention

  • Account data — Retained while your account is active, deleted within 30 days of account deletion
  • RUM events — Retained for 3 months (paid plans) or 5 days (trial)
  • Performance scans — Retained for 3 months (paid plans)
  • IP geolocation cache — IP-to-country mappings cached locally, refreshed periodically
  • WordPress server info — Last 30 snapshots retained per domain
  • Uptime checks — Retained for 90 days

All data is stored on secure servers. Database connections use encrypted protocols. Passwords are hashed with bcrypt (cost factor 12). API secrets are encrypted with AES-256-CBC.

6. Data Sharing

We do not sell, trade, or rent your personal data. We share data only with:

  • Stripe — Payment processing (PCI DSS compliant)
  • Google — PageSpeed Insights API calls (only your domain URL is sent)
  • ip-api.com — IP geolocation resolution (only IP addresses are sent, no personal data)
  • N8N (self-hosted) — Email and WhatsApp alert delivery

We may disclose data if required by law or to protect the rights, property, or safety of SYSWP, our users, or the public.

7. Cookies and Tracking

SysWP uses only essential session cookies required for authentication and functionality. We do not use advertising cookies, tracking pixels, or third-party analytics on the SysWP dashboard. Our monitoring snippet does not set any cookies on your visitors' browsers.

8. Your Rights (LGPD)

Under the Brazilian General Data Protection Law (LGPD), you have the right to:

  • Access — Request a copy of your personal data
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your personal data
  • Portability — Request your data in a machine-readable format
  • Revocation — Revoke consent for data processing at any time
  • Information — Request information about entities with which your data has been shared
  • Objection — Object to processing that violates the LGPD

To exercise any of these rights, contact us at support@syswp.pro. We will respond within 15 days.

9. Your Visitors' Privacy

As a SysWP user, you are the data controller for the performance data collected from your website visitors. You are responsible for:

  • Informing your visitors that performance monitoring is active on your website
  • Including appropriate disclosure in your website's privacy policy
  • Ensuring compliance with applicable data protection laws in your jurisdiction

SysWP acts as a data processor for visitor data collected through the snippet. We process this data solely on your behalf and according to your instructions.

10. Security

We implement industry-standard security measures to protect your data:

  • HTTPS encryption for all connections
  • CSRF protection on all form submissions
  • HMAC-SHA256 signed API communications
  • Bcrypt password hashing (cost factor 12)
  • Rate limiting on authentication endpoints
  • Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
  • Prepared SQL statements (prevention of SQL injection)
  • HTML output escaping (prevention of XSS)

11. Children's Privacy

Our Service is not intended for use by children under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

For any questions or concerns about this Privacy Policy or our data practices, please contact us at:

SYSWP

Email: support@syswp.pro

Website: syswp.pro