Privacy Policy Changes for

We’ll be making some changes to the privacy policy this month. This post outlines the changes we’ll be making, including information on data retention and erasure in what I hope is easy-to-understand language. Read on for details and if you have any feedback, questions, or suggestions, please comment on this post! 🙂

What data we collect and who can access it

The majority of what’s collected and stored on is WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. attendee data, through our registration pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the Plugin Directory or can be cost-based plugin from a third-party called CampTix. Currently we require the following information: name, email address, agreement to follow the code of conductCode of Conduct “A code of conduct is a set of rules outlining the norms, rules, and responsibilities or proper practices of an individual party.” - Wikipedia, whether the attendee has a life-threatening allergy, and whether the attendee needs special accommodations to participate in the WordCamp.

Local WordCamp organizing teams can (and do) collect more information than that, when they set up registration. This data can vary widely, but the reason questions are added is to help our volunteers organize an event that’s better for attendees, and to assist the growth of the WordPress community and, by extension, the WordPress open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. project.

All attendee-provided data can be viewed and changed by the attendee via the Access Token URLURL A specific web address of a website or web page on the Internet, such as a website’s URL that is emailed to confirm a successful ticket purchase.

Other than the attendee, the only people who can view attendee information are WordCamp volunteers with access to the WordCamp site’s dashboard. WordCamp volunteers are expected to access attendee data only to serve the interests of the WordCamp, not for the benefit of certain businesses or individuals. We’ll be adding a line to the speaker/sponsor/organizer/volunteer agreement to make this expectation more explicit.

Currently, WordCamp attendees are listed by default on the WordCamp attendee page, but can request to be removed by emailing the organizing team. We plan to make the Attendees page listing opt-in by the end of this month (with another one of those annoying required registration questions).

When WordCamp volunteers request reimbursement for (budgeted) out-of-pocket expenses they may have incurred while organizing WordCamp, we may also collect banking-related financial information from them so that we can reimburse them. A volunteer’s banking details and address are only visible to the user who submitted the request and the financial administrators who process the request.

How long data is retained

We’d like to keep data for as little time as possible, while still maintaining accurate business records and not limiting our ability respond to reports related to attendee safety. We don’t have a time limit on code of conduct complaints right now. If we were to delete attendee data 12 months after the event, for example, that could make it harder for the community team to respond to a code of conduct report that might come in 5 15 months after the event. So my proposal is that we hold *all* attendee data for at least three years after the WordCamp is complete. Once non-essential WordCamp attendee data is over three years old, we’ll automatically delete the answers to all but the mandatory registration questions; some examples of to-be-automatically-deleted data here include t-shirt size, meal preference, etc. We plan to retain attendee names indefinitely (unless erasure is requested), as historical records of the participants in WordPress community events.

Banking/financial data collected as part of a reimbursement request is deleted from 7 days after the request is marked paid. The reason for the 7-day retention period is to prevent organizers having to re-enter their banking details if a wire fails or if a payment was marked Paid in error.

We keep invoices and receipts related to WordCamp expenses for 7 years after the close of the calendar year’s audit, by instruction of our financial consultants (auditors & bookkeepers).

Records showing who organized, spoke at, sponsored, or volunteered at WordCamp is considered a matter of public record for the WordPress open source project, and important information to keep for historical/archival purposes. This data will be kept indefinitely, and will not be subject to erasure requests. We’ll add a line to the speaker/sponsor/organizer/volunteer agreement to make this expectation more explicit as well.

What data is subject to erasure requests

If a WordCamp attendee had no official role in the event (meaning: they were not an organizer, speaker, sponsor, or volunteer), then we will remove their data from public display after the 3 year retention period, if asked to do so. For business record-keeping purposes, the plan is to retain essential registration records indefinitely, with some data visible only to data administrators.

As mentioned above, data indicating who organized, spoke at, sponsored, or volunteered at WordCamp is considered a matter of public record for the WordPress open source project, and not subject to erasure requests. If a person whose user ID is linked to a WordCamp custom post typeCustom Post Type WordPress can hold and display many different types of content. A single item of such a content is generally called a post, although post is also a specific post type. Custom Post Types gives your site the ability to have templated posts, to simplify the concept. requests that their The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. account be deleted, their user account will be removed from all WordCamp sites, and the authorship of any posts/pages they published will change to a text version of their display name. The text fields in the WordCamp custom post types won’t change.

Code of conduct reports will not be subject to erasure, so that we can more effectively preserve attendee safety. Emails sent to and from email addresses are not subject to erasure.

Next steps

In cooperation with the Meta team, we’re working on making all the relevant data on exportable and, where relevant, erasable. Because uses the same user tables and privacy policy as, we’ll also share a Subject Access Request form and deletion process. Our shared privacy policy will be updated by the end of this week.

I plan to publish a separate post this week, addressing communities using third-party tools like newsletter services to contact community members, so stay tuned for that. 🙂

Questions? Feedback? Concerns? Kittens? Leave a comment with any and all (except kittens), below!