WordPress AI Analytics

Privacy-First Analytics by Design

PulseRank prioritizes user privacy with minimal data collection, GDPR-ready analytics, and complete data ownership.

What Data We Collect

Session Tracking

Session Cookie: pulserank_sid (first-party, 7-day expiry, httpOnly, SameSite=Lax)

IP Addresses: Hashed with SHA-256 + site salt before storage (irreversible)

User Agent: Browser/bot identification string

Referrer URL: Where visitors came from

Page URL: Pages visited (hashed)

Timestamps: Visit times for analytics

What We DON’T Collect

Raw IP addresses (only salted SHA-256 hashes stored)

Personally identifiable information

Email addresses (except hashed for logged-in GDPR requests)

Cross-site tracking data

Third-party cookies

Data Storage

Local Storage Only

All analytics data stored in your WordPress database

Tables: wp_pulserank_hits, wp_pulserank_conversions, wp_pulserank_audits

Settings stored in WordPress options table

No external data transmission to PulseRank servers

Optional External Requests

Bot IP verification (fetches official IP ranges from Google, Bing, OpenAI)

Results are cached locally (transients)

Only used for enhanced bot detection accuracy

Not required for basic analytics functionality

Data Retention

Configurable Retention Periods

Minimum: 30 days (enforced)

Default: 365 days (1 year)

Configurable: Any value ≥ 30 days

Automatic Cleanup: Daily via WordPress cron

Manual Data Management

Delete data by date range via REST API

Purge all data via Settings & Health tab

GDPR export/deletion tools available

Support & Resources

Legal Resources

GDPR Official Text

CCPA Official Text

ePrivacy Directive

Disclaimer: This documentation provides general guidance on PulseRank’s privacy features. It is not legal advice. Consult with qualified legal counsel to ensure compliance with applicable privacy laws and regulations in your jurisdiction.

Frequently Asked Questions

We’ve anticipated your concerns and engineered solutions for each one.

PulseRank uses a single first-party session cookie (pulserank_sid, 7-day expiry, httpOnly, SameSite=Lax) for analytics tracking.

Cookie consent requirements vary by jurisdiction:

  • EU/UK (ePrivacy Directive): Consent likely required for non-essential cookies
  • US (most states): Generally no cookie consent required for first-party analytics
  • California (CCPA): Cookie consent not required, but disclosure in privacy policy recommended

Our Recommendation: Consult local regulations and legal counsel. When in doubt, obtain consent to ensure compliance.

All analytics data is stored locally in your WordPress database in custom tables:

  • wp_pulserank_hits – Visitor tracking data
  • wp_pulserank_conversions – Conversion events
  • wp_pulserank_audits – Content optimization audits

Nothing is sent to PulseRank servers or any third-party analytics service. You have complete control and ownership of your data.

Yes. PulseRank is designed with GDPR compliance in mind:

  • Data Minimization: Only collects essential analytics data
  • Pseudonymization: IP addresses hashed (SHA-256) before storage
  • Local Storage: All data stays on your server
  • User Rights: Export and deletion tools available
  • Retention Controls: Configurable data retention (minimum 30 days)
  • No Third Parties: No data shared with external services

Important: GDPR compliance also depends on your privacy policy disclosures, cookie consent implementation, proper retention configuration, and your legal basis for processing. We recommend consulting with legal counsel.

IP addresses are never stored in plain text. Before storage, they are:

  1. Salted: Combined with WordPress auth salt (unique per site)
  2. Hashed: SHA-256 cryptographic hash applied
  3. Stored: Only the hash is stored in database

Example:

// Actual code from class-pulserank-tracker.php line 141
$ip_hash = hash('sha256', $remote_addr . wp_salt('auth'));

This makes IP addresses irreversible – even with database access, original IPs cannot be recovered.

Why this matters:

  • GDPR pseudonymization requirement met
  • Data breaches expose only hashes (useless to attackers)
  • Cannot identify specific users from database


Yes, multiple ways:

1. Purge All Data (Settings & Health Tab)

Click “Purge All Analytics Data” button. Confirmation required. Settings and configurations preserved.

2. Manual Database Deletion

DELETE FROM wp_pulserank_hits;
DELETE FROM wp_pulserank_conversions;
DELETE FROM wp_pulserank_audits;

3. Uninstall Plugin

If “Delete data on uninstall” is enabled, removes all tables when plugin is deleted.

4. REST API Bulk Deletion

DELETE /wp-json/pulserank/v1/reports/raw?from=2020-01-01&to=2026-12-31

Stop Guessing. Start Measuring.

Join WordPress sites already using PulseRank to uncover their AI traffic and optimize for the future of search.

View Plans and Pricing →