Skip to content

Privacy, Data Handling, and Production Configuration

SmartSite Assistant processes visitor content through WordPress and OpenAI and may send it to configured tools or Meta. It also stores detailed local logs and browser identifiers.

A production data map must include more than the text visible in the widget. SmartSite stores browser tokens and messages locally, detailed prompts/responses and request metadata in WordPress, and response-chain/vector/file data with OpenAI. WhatsApp, mail, webhook, and custom tools add further recipients. Enabled features determine the actual privacy scope.

A reliable setup moves from inventory selected pages, uploaded files, assistant instructions, and tool-returned data to the point where you define incident, access-request, and deletion procedures across local, openai, meta, email, and webhooks. The controls below explain the decisions along that path, including settings that support the conversation without changing the model’s answer directly.

Use this guide with your privacy, legal, security, and data-owner processes before public launch.

Use this feature in the following situations:

  • You are preparing the privacy notice, retention schedule, access controls, and vendor inventory before launch.
  • You are enabling a new channel or action tool and need to update the data-flow map.
  • You are defining how access, correction, deletion, incident, and backup requests will be handled.
WordPress locationWordPress Dashboard → AI Website Chat → Settings / Security / Analytics
  • SmartSite Assistant is installed and activated.
  • You are signed in with an account that can manage WordPress options.
  1. Inventory selected pages, uploaded files, assistant instructions, and tool-returned data.
  2. Document OpenAI, Meta, email, and webhook recipients/subprocessors as applicable.
  3. Review the local smartsite_logs fields and choose a manual cleanup schedule.
  4. Publish an accurate visitor notice/disclaimer and privacy policy.
  5. Restrict dashboard access and secure database/uploads backups.
  6. Keep visibility restricted while testing security/tool boundaries.
  7. Set conservative rate, length, detection, and action values; review flags.
  8. Define incident, access-request, and deletion procedures across local, OpenAI, Meta, email, and webhooks.

These storage and transmission details explain where conversation content goes and what must be protected. Privacy choices do not directly make the AI more capable, but trustworthy retention, access, and deletion practices determine whether real visitors can safely use it. Reducing unnecessary logs or tool data can also reduce the amount of sensitive context available to administrators and providers.

Fields, controls, and important values
Field, control, or statusWhat SmartSite Assistant does with itHow to use it and why it matters
Local logs Store full prompt/response/error, token, IP, model/tokens/duration, URL/referrer, user agent/device, session/conversation/channel, tool/knowledge/performance/security details. Select “Local logs” for the audience and workflow actually being served. Review fresh output after the change—especially instructions and policy-sensitive text—because generated language can sound polished while changing meaning.
Browser storage Stores user_token and chat_messages. The security role of “Browser storage” is: Stores user_token and chat_messages. Test it with normal and deliberately problematic messages so protection does not remove the context legitimate visitors need for useful answers.
OpenAI Receives messages, instructions, tool schemas/results, processed knowledge, and uploaded files; chat requests use store=true. “OpenAI” affects message handling or stored evidence in this way: Receives messages, instructions, tool schemas/results, processed knowledge, and uploaded files; chat requests use store=true. A stricter setting may reduce abuse but can also interrupt valid conversations, so tune it from reviewed examples rather than guesswork.
Meta/tools WhatsApp messages pass through Meta; enabled email/webhook/hook tools can transmit arguments/results elsewhere. “Meta/tools” belongs to the boundary between WordPress and another service. Verify it against a sandbox receiver first, then confirm the business result separately from the HTTP status so the AI is not given misleading success data.
Retention No automatic local log retention job was found; manual cleanup offers 30/90/180/365-day cutoffs. “Retention” contributes this safeguard or review signal: No automatic local log retention job was found; manual cleanup offers 30/90/180/365-day cutoffs. It does not improve a permitted answer; it changes whether activity continues, is flagged, or remains available for investigation.

The reliable proof for Privacy, Data Handling, and Production Configuration is the observable result described above. Reproduce it with a realistic example; if only the admin screen changed, continue tracing the workflow until the visitor or connected system sees the intended effect.

If a Contact Request tool emails a visitor message, the privacy map includes WordPress, OpenAI, the mail service, and the receiving mailbox.

  • Recommendation: begin with role/user visibility, default-on security, no action tools, and a small approved knowledge set.
  • Recommendation: run scheduled reviews of logs, flags, tool destinations, credentials, and synchronized sources.
Common problems and focused checks
ProblemWhat to check and what to do next
Privacy, Data Handling, and Production Configuration is missing or does not match this guide. Confirm the plugin is active and the account can manage WordPress options. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
A change on Privacy, Data Handling, and Production Configuration does not produce the expected result. Keep the exact notice and test case, then review the browser console and WordPress/PHP log. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
Privacy, Data Handling, and Production Configuration
Capture
Show the Chat Content disclaimer and Security master/rate settings side by side using a montage; all site/visitor details must be removed.
Show
Disclaimer, visibility mode, security master, rate/length, retention cleanup
Viewport
Desktop, 1440 × 900
Annotate
Use numbered callouts only for controls referenced in the procedure.
Redact
OpenAI keys, tokens, secrets, personal information, private URLs, IP addresses, and conversation text