Skip to main content

Privacy & GDPR

Better Messages is designed with privacy in mind and provides the tools needed for GDPR compliance.

Data Storage

All message data is stored on your own server in your WordPress database. No message content is stored on external servers.

When the WebSocket version is used for real-time delivery, data is transmitted encrypted and is not stored on external servers. An additional end-to-end encryption (E2EE) option is available in the WebSocket version for maximum privacy — messages are encrypted on the sender's device and can only be decrypted by the intended recipients.

Browser-cached data (IndexedDB) stays on the user's device and is not shared with anyone. Users can clear it at any time by clearing their browser data. In the WebSocket version, cached data can be additionally encrypted for extra protection.

No Cookies or Tracking

The plugin does not set any cookies. No analytics or tracking scripts are loaded. No user behavior data is collected or sent to third parties.

WordPress Privacy Tools Integration

Better Messages integrates with the WordPress built-in privacy tools:

  • Personal Data Export (Tools → Export Personal Data) — exports all messages sent by the user
  • Personal Data Erasure (Tools → Erase Personal Data) — anonymizes the user's message content and optionally deletes their file attachments
  • Suggested Privacy Policy (Settings → Privacy) — provides a ready-to-use privacy policy text that adapts based on your plugin configuration

Third-Party Services

Better Messages minimizes third-party connections. The following external services may be used depending on your configuration:

Emoji Images

By default, emoji spritesheet images are loaded from a CDN (jsdelivr.net). You can switch to self-hosted delivery in the plugin settings (Privacy & GDPR tab) to download emoji images to your server, eliminating external requests.

Video Embeds (oEmbed)

When users share YouTube, Vimeo, or other video links, embedded players may load directly from those services. You can enable Privacy-friendly oEmbeds in the plugin settings — this shows a static preview with a play button, and the actual video loads only after the user clicks.

GIFs and Stickers

If GIF (Giphy) or Sticker (Stipop) integrations are enabled, images are loaded from their respective servers when displayed in conversations. These features are optional and can be disabled by removing the API keys in the settings.

Real-Time Messaging (WebSocket Version)

The WebSocket version routes real-time events through a cloud relay server (cloud.better-messages.com) for instant message delivery. Data is transmitted encrypted. The relay server does not store message content.

Voice and Video Calls (WebSocket Version)

Private one-on-one calls are established directly between users (peer-to-peer). Group calls are routed through a cloud service to connect multiple participants.

AI Chat Bots

If AI chat bots are enabled, messages in bot conversations are sent to the configured AI provider (OpenAI, Anthropic, or Google) to generate responses. This only applies to conversations with AI bots, not regular user conversations.

Privacy Settings

All privacy-related settings are consolidated in the Privacy & GDPR tab in the plugin settings:

  • Emoji Sprite Delivery — choose between CDN or self-hosted
  • Privacy-friendly oEmbeds — click-to-play video embeds
  • Delete attachments on data erasure — remove uploaded files when a user requests data erasure

Guest Chat

If guest chat is enabled, the following data is collected from guest users:

  • Display name (required)
  • Email address (optional)
  • IP address (for identification purposes)

This data is stored in the site database and is not shared with third parties.

Questions?

If you believe we missed something or have a suggestion to improve privacy compliance, please contact us at support@better-messages.com.