I want to ask something most important

  • Unknown's avatar
    backendcreatorscom · Member ·

    Hello Can WordPress.com legally guarantee exact data residency and retention for all logs, confirm my site/user data (including IPs) will never be used for ML or shared with third parties, and provide a full raw database dump on demand?

  • Unknown's avatar
    coleethan007 · Member ·

    I’ve looked into this myself because I had similar concerns when hosting a client’s site on WordPress.com. From my research and chats with support:

    • Data residency & retention: WordPress.com (Automattic) doesn’t provide a legal guarantee that all logs or data stay in one specific country. Their infrastructure is global, and while they follow GDPR and other privacy standards, they don’t let you choose exact data residency.
    • Use of data / ML: They’re pretty transparent that user/site data isn’t sold to third parties. However, certain anonymized data may still be used internally for service improvements. There’s no blanket guarantee that absolutely nothing is used in ML models.
    • Database dumps: On WordPress.com (hosted version), you can export your content (posts, pages, media) but you won’t get a full raw database dump like you would with self-hosted WordPress.org. That level of access isn’t provided.

    If you need strict control over data location, full raw DB access, or legal guarantees about ML/third-party usage, the safer option is to go with self-hosted WordPress.org on a provider that offers those guarantees in writing (for example, EU-only hosting with explicit data agreements).

    That’s what worked for me when I needed tighter compliance for a client project.

  • Unknown's avatar
    mukeshoad · Member ·

    Hi @backendcreatorscom

    WordPress.com does follow strong privacy laws (like GDPR and CCPA), but it cannot legally guarantee:

    Exact data residency (all logs/content in one country). Their infrastructure is global.

    A raw database dump on demand. You can only export your posts, pages, and media, not the full SQL database.

    That absolutely no anonymized data is ever used internally (though Automattic is clear that your personal/site data isn’t sold to third parties).

    If you need strict control over data location, retention policies, or full DB access, the safer route is to use self-hosted WordPress.org with a hosting provider that can sign a Data Processing Agreement and guarantee compliance in writing.

  • The topic ‘I want to ask something most important’ is closed to new replies.