WPShake
How it works For agencies For enterprise Stories Pricing
Privacy Policy

Privacy Policy

Last updated: 30 June 2026

WPShake is a WordPress fleet-management service operated by RebelCode. This page covers two things: the data WPShake collects when you use the dashboard at wpshake.com, and the data the Shake Connect plugin reads from a site once you install it there.

What we collect from your WPShake account

  • Account data: email address, password (stored as a salted hash, never in plain text), and organization name.
  • Connected site data: the site URLs and connection tokens you add to your fleet, plus the state Shake Connect reports back (plugin/theme inventory, core version, update status, backup status, uptime, security findings, activity-log entries).
  • Audit log: a record of actions the agent takes or proposes on your connected sites, kept so you can review what happened and why.
  • Optional integrations: if you connect Google Analytics, Google Search Console, or single sign-on (Google, Microsoft, or SAML), we store the access tokens and the metrics needed to show them in the dashboard. You can disconnect any integration at any time from Settings.
  • Billing data: handled by our payment processor; we do not store full card numbers.

What Shake Connect reads from your WordPress site

Shake Connect exposes a bearer-token-authenticated REST API that the WPShake dashboard calls to read site state on a schedule you control. It can report:

  • Plugin and theme inventory, available updates, and WordPress core version
  • Core file checksums and database health
  • Recent WooCommerce orders, if WooCommerce is installed
  • Recent PHP errors from your debug log, if logging is enabled
  • Which backup plugin is active and its last-run status
  • WP Activity Log entries, if that plugin is installed
  • Malware-scan and broken-link-checker results

Shake Connect does not auto-update plugins, themes, or core on its own. It does not collect visitor analytics or personal data about your site's visitors. It only talks to the WPShake dashboard configured on its settings page, and only when that dashboard calls its endpoints with a valid bearer token. The connection token is stored on your site as a SHA-256 hash, not in plain text.

How we use this data

To run the dashboard, show you the state of your fleet, send the alerts and reports you've configured, and improve the service. We don't sell data to third parties, and we don't use your site data to train models without your explicit opt-in.

Where data is stored

WPShake runs on Cloudflare's infrastructure (Workers, D1, R2). Data is encrypted in transit (TLS) and access to production data is limited to the people operating the service.

Data retention and deletion

We keep account and audit-log data for as long as your account is active. If you close your account or remove a site from your fleet, we delete the associated connection tokens and stop polling that site. You can request full account deletion at any time by emailing us.

Your rights

You can access, correct, export, or delete your account data at any time from the dashboard, or by emailing hello@wpshake.com. If you're in the EU/UK, this includes the rights granted under GDPR.

Changes to this policy

If we make a material change, we'll update the date at the top of this page and, where appropriate, notify account holders by email.

Contact

Questions about this policy: hello@wpshake.com.

Built by Jean Galea · An AgentVania project
Agencies Enterprise Stories How it works Pricing Privacy Terms