GDPR-Compliant WordPress Messaging: Data Export, Erasure, Privacy Tools
GDPR (and the wave of similar laws — CCPA, LGPD, PIPEDA) means every WordPress site processing personal data needs three things: a clear privacy footprint, working data-export tools, and a working erasure path. For a messaging plugin, "personal data" includes message content, IP addresses, optional guest emails, and metadata about who talked to whom and when. Better Messages is built to fit cleanly into WordPress's built-in privacy tools, with all message data stored on your own server and zero default tracking.
Where the data lives
All message data is stored in your WordPress database, on your server. Better Messages does not store message content on external servers under any default configuration.
When the WebSocket version is used, real-time events are routed through cloud.better-messages.com for delivery. Data is transmitted encrypted; the relay server is blind to message content — it does not read, store, or inspect what passes through. The cloud WebSocket version is therefore GDPR-compatible by default. For sites with stricter data-sovereignty requirements (jurisdictional rules about which servers a packet may transit, regulated-data categories like GDPR Article 9, HIPAA-adjacent workloads), consider upgrading to the self-hosted plan.
What gets transmitted to third parties
The plugin minimizes third-party connections. Depending on your configuration, the following may apply:
| Feature | Third-party | Optional? |
|---|---|---|
| Emoji spritesheet (default CDN: jsdelivr.net) | jsdelivr | Yes — switch to self-hosted delivery in Privacy & GDPR settings |
| oEmbed video previews (YouTube, Vimeo, etc.) | The respective video service | Yes — enable Privacy-friendly oEmbeds for click-to-play |
| GIPHY GIFs | GIPHY | Yes — disable by removing the API key |
| Sticker packs (Stipop legacy) | Stipop | Yes — disable the integration |
| AI Chat Bots | OpenAI / Anthropic / Google (whichever you configure) | Only on threads where bots are present |
| AI Content Moderation (OpenAI provider) | OpenAI | Yes — switch to Better Messages Moderation AI which uses BM Cloud |
| Real-time delivery (WebSocket version) | cloud.better-messages.com | Relay is blind to message content; self-hosted plan available for stricter data-sovereignty |
| Voice / video group calls (WebSocket version) | cloud.better-messages.com (relay) | 1-on-1 calls are peer-to-peer, no third-party transit |
Every feature with a third-party connection can be disabled. The plugin runs entirely on your server with no external requests if you turn off the optional integrations.
Cookies and tracking
Better Messages does not set any cookies. No analytics or tracking scripts are loaded by the plugin. No user behavior data is collected or sent to any third party by default.
The plugin uses standard WordPress authentication (which sets its own auth cookies — those are not Better Messages cookies). On the client, IndexedDB is used for offline caching of recent messages on the user's device — this data stays on the user's device and can be cleared by clearing the browser data.
WordPress Privacy Tools integration
Better Messages plugs into the native WordPress privacy tools introduced in WP 4.9.6:
Personal Data Export (Tools → Export Personal Data)
When an admin exports a user's personal data, Better Messages contributes:
- Every message the user sent (full content, timestamp, thread it belonged to)
- Every conversation they participated in
- Any attached files they uploaded
- Any guest metadata if they were a guest before registering
The export is a single ZIP file the admin can hand to the user (or to a regulator) on request.
Personal Data Erasure (Tools → Erase Personal Data)
When an admin runs erasure for a user, Better Messages:
- Anonymizes the user's message content (replaces with a tombstone "Message deleted")
- Optionally deletes the user's file attachments — toggle in Settings → Privacy & GDPR → Delete attachments on data erasure
- Removes any guest metadata
- Preserves the thread structure so other participants' threads do not break
Suggested Privacy Policy (Settings → Privacy)
Better Messages contributes a ready-to-use suggested privacy policy text that adapts based on your plugin configuration. The text is updated automatically when you toggle features on or off — if you enable AI bots, the suggested policy gains an AI-bot data-processing clause; if you disable Giphy, it loses the Giphy clause.
Copy the suggested text into your site's privacy policy page; it covers the data-processing footprint of Better Messages in plain language.
End-to-end encryption for sensitive threads
For threads where the strongest privacy guarantee is needed, end-to-end encryption can be enabled per thread on the WebSocket version. Messages are encrypted in the sender's browser, stay encrypted at rest in the database, and are decrypted only in the recipient's browser. The server stores ciphertext only.
See End-to-end encrypted messaging on WordPress for the full feature.
Guest data
If guest chat is enabled, the following data is collected from guest users:
- Display name (required)
- Email address (optional, depends on your setting)
- IP address (for identification and abuse prevention)
This data is stored in your site's bm_guests table and is not shared with any third party. Guests get the same erasure path as registered users.
Privacy & GDPR settings tab
All privacy-related toggles are consolidated under WP Admin → Better Messages → Settings → Privacy & GDPR:
- Emoji Sprite Delivery — CDN vs self-hosted
- Privacy-friendly oEmbeds — click-to-play video embeds (no third-party request until the user clicks)
- Delete attachments on data erasure — flip on to physically delete files when a user requests erasure (vs only anonymizing the message body)
Frequently asked questions
Is Better Messages GDPR-compliant out of the box?
The plugin provides the tooling required for GDPR (data export, erasure, privacy policy text, no default tracking). Whether your specific site is GDPR-compliant depends on your overall configuration, your privacy policy, and your DPA arrangements with any third-party services you turn on (AI providers, GIPHY, etc.).
Does the WebSocket cloud server store messages?
No — the WebSocket relay is for event delivery only. It is blind to message content: it does not store, read, or inspect what passes through. Message data is written to your WordPress database only. This is why the cloud WebSocket version is GDPR-compatible without requiring an upgrade to the self-hosted plan.
Can I run Better Messages without any external requests?
Yes — disable Giphy, switch emoji delivery to self-hosted, enable Privacy-friendly oEmbeds, do not configure AI bots, and consider upgrading to the self-hosted plan so real-time delivery runs on your own infrastructure. The plugin then runs entirely on your server.
Does it handle California's CCPA / CPRA?
The same WordPress privacy tools (export, erasure) cover CCPA "right to know" and "right to delete" requests. The suggested privacy policy text mentions third-party processors clearly.
Where can I find Better Messages' Data Processing Agreement (DPA)?
Contact support@better-messages.com — a standard DPA is available for sites that need one for their GDPR Article 28 compliance.
Are AI bot conversations private from the bot provider?
AI bot conversations are sent to the configured AI provider (OpenAI / Anthropic / Google) for processing. Each provider has its own data-usage policy; the plugin's suggested privacy policy text references this. Bots are excluded automatically from E2E-encrypted threads.
See also
- Privacy & GDPR feature documentation — full reference
- End-to-end encrypted messaging — for the strongest privacy mode
- AI content moderation — moderation provider data flow
- WordPress guest chat — guest data footprint