WP Admin Online
Start Free

Privacy Policy

Last updated: March 1, 2026

This Privacy Policy describes how Rootscope ("we", "us", or "our") collects, uses, and protects your information when you use Rootscope Remote Site Manager ("the Service") at wp-admin.online.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address — to identify your account and communicate with you
  • Password — stored in a securely hashed format; we never store or have access to your plaintext password
  • Profile photo — optionally uploaded by you
  • Two-factor authentication data — if you enable 2FA, we store the encrypted secret required to verify your codes

Social Login

If you sign in using a third-party provider (such as Google or GitHub), we receive and store an access token and basic profile information (name and email) from that provider. We do not receive or store your password from any third-party provider.

WordPress Site Data

When you connect a WordPress site, the following data is collected from your site via our companion plugin:

  • Site name and URL
  • WordPress version and PHP version
  • Installed plugins and themes, including names, versions, active/inactive status, and available updates
  • Administrator user list (WordPress user ID, display name, and username)
  • Sync logs including timestamps, HTTP status codes, and error messages

This data is synced automatically on a daily schedule and can also be triggered manually.

Client Data

You may optionally store client records (name, company, email, and notes) within the Service. This data is provided entirely by you and is used only within your account.

Authentication Credentials

  • API keys and secrets are generated for each connected site to authenticate communication between the Service and your WordPress plugin. These are stored securely.
  • Basic auth credentials, if your site uses HTTP basic authentication, are stored in encrypted form.
  • One-click login tokens are short-lived (5 minutes), single-use, and we log the IP address used when generating them.

Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID but do not store your credit card number or payment details — those are held securely by Stripe in accordance with their privacy policy.

What We Do NOT Collect

  • Your WordPress content (posts, pages, media)
  • Customer or visitor data from your sites
  • Database contents
  • Any sensitive or personal information from your WordPress sites beyond what is listed above

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Display your connected WordPress sites, their status, plugins, themes, and security vulnerabilities
  • Facilitate one-click login to your WordPress sites
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets, security alerts)
  • Detect and prevent abuse or unauthorized access

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services:

  • Stripe — for payment processing. Your payment data is subject to Stripe's Privacy Policy.
  • WordPress.org API — to check for plugin and theme updates. No personal data is sent; only plugin/theme slugs and versions are queried.
  • WPVulnerability.net — to check plugins and themes for known security vulnerabilities. Only plugin/theme identifiers are sent.
  • OAuth providers (Google, GitHub, etc.) — if you use social login. Subject to each provider's respective privacy policy.

4. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of sensitive data at rest and in transit (HTTPS)
  • HMAC-signed API communication between the Service and your WordPress sites
  • Hashed passwords and encrypted authentication tokens
  • Short-lived, single-use login tokens
  • API secrets encrypted in our database

While we strive to protect your information, no method of transmission or storage is 100% secure.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • All your account data is permanently deleted
  • All connected site data is removed
  • This process is irreversible

We may retain certain records where required by law.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Update or correct your account information at any time through your profile settings
  • Delete your account and associated data
  • Export your data upon request
  • Withdraw consent for data processing

If you are located in the European Economic Area (EEA), you may also have additional rights under the General Data Protection Regulation (GDPR), including the right to restrict processing and the right to data portability.

7. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking or advertising cookies. See our Cookie Policy for details.

8. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your rights, please contact us.