Your Data Stays on Your Server
Agent Builder runs entirely within your WordPress installation. Your site data, configuration, and content never pass through our servers. We do not collect telemetry, analytics, or usage data.
What Goes to the AI Provider?
When you chat with an assistant, the conversation (your messages and the assistant’s responses) is sent to your chosen AI provider (OpenAI, Anthropic, or xAI) for processing. This includes:
- Your message text
- The assistant’s system instructions
- Context the assistant gathers (e.g., post content it reads to answer your question)
Each provider has its own privacy policy:
API Key Security
Your AI provider API key is:
- Stored in your WordPress database (encrypted using WordPress salt keys)
- Never displayed in full in the admin interface (masked with asterisks)
- Never sent to our servers
- Never included in audit logs
Plugin Security Features
- Read-only by default — Assistants cannot modify your site without explicit permission
- Approval workflows — Sensitive changes require manual approval
- Audit logging — Complete record of every assistant action
- File backups — Originals saved before any file modification
- WordPress capabilities — Assistants respect the WordPress permission system
- Rate limiting — Prevents runaway API usage
Reporting a Security Issue
If you discover a security vulnerability, please email [email protected]. Do not open a public GitHub issue. We respond within 48 hours.