FiveWP ("we", "us", "our") is a WordPress plugin developed and maintained by Estrelathemes, trading as FiveWP. Our registered contact email is admin@fivewp.com.
FiveWP is a software product — not a SaaS platform. The plugin runs entirely inside the WordPress installation of the business owner who installs it ("Plugin User"). We do not operate a central server that receives or processes end-customer data.
FiveWP is a reputation management plugin for WordPress. Its core functions are:
When the Plugin User connects their Google account, FiveWP requests access to the following Google API scope:
| Scope | Purpose | Access Type |
|---|---|---|
https://www.googleapis.com/auth/business.manage |
Read Google reviews for the business location; post and manage replies to those reviews on the owner's behalf. | Read & Write (reviews and replies only) |
The data retrieved through this scope and stored locally includes:
FiveWP does not access, store, or use any other Google user data such as contacts, calendar, Gmail, Drive, or profile information beyond what is strictly necessary to authenticate the connection.
FiveWP's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
All data processed by FiveWP is stored exclusively in the Plugin User's own WordPress MySQL database, on the server they control. FiveWP creates three custom database tables:
| Table | Contents |
|---|---|
{prefix}fivewp_reviews |
Review data fetched from Google (author name, rating, text, timestamp, source ID). |
{prefix}fivewp_replies |
AI-generated draft replies and final published reply text. |
{prefix}fivewp_campaigns |
Review-request emails sent to customers (name, email, sent/opened/clicked timestamps, unique tracking token). |
Plugin settings — including API keys and OAuth tokens — are stored in the WordPress wp_options table under the key fivewp_settings.
The Plugin User authenticates with their Google account through the standard OAuth 2.0 flow. FiveWP stores the resulting tokens in the WordPress options table:
Tokens are refreshed automatically by the plugin before each API request if they are close to expiry. Tokens are never logged, printed to screen, or exposed in front-end HTML or JavaScript.
The Plugin User can revoke access at any time by:
FiveWP integrates with the following external services when configured to do so by the Plugin User:
| Service | Purpose | Data Sent | Privacy Policy |
|---|---|---|---|
| Google Business Profile API | Fetch reviews; post replies | OAuth token; reply text | Google Privacy Policy |
| Google Places API | Look up Place ID; fetch recent reviews (fallback) | Business name search query; Place ID | Google Privacy Policy |
| OpenAI API (optional) | Generate AI reply drafts | Review text; business name; tone setting | OpenAI Privacy Policy |
| Anthropic API (optional) | Generate AI reply drafts | Review text; business name; tone setting | Anthropic Privacy Policy |
| WordPress wp_mail() | Send review-request emails; bad review alerts | Customer name & email address; business name | Depends on SMTP plugin or hosting provider used |
All API keys for the above services are supplied by the Plugin User and stored on their own server. FiveWP does not have access to, and does not store, these API keys on any FiveWP-operated system.
If the Plugin User uses the AI reply feature, review text (which may include the names of reviewers) is sent to the selected AI provider. Plugin Users should ensure their use of these services complies with the AI provider's terms of service.
FiveWP does not sell, rent, lease, or share any personal data with third parties for commercial purposes.
Data may be disclosed only in the following circumstances:
Because FiveWP does not operate a central data store, we do not hold end-customer data and cannot be compelled to produce it.
Review data, reply drafts, and campaign records are retained in the Plugin User's database for as long as the plugin remains installed.
When the plugin is uninstalled through WordPress:
fivewp_reviews, fivewp_replies, fivewp_campaigns) are dropped.wp_options, including OAuth tokens and API keys, are deleted.The Plugin User can also delete individual records (reviews, campaign entries) manually from the WordPress admin interface at any time.
Google OAuth tokens can be revoked at any time as described in Section 5.
If you are a reviewer whose data appears in a Plugin User's FiveWP installation (because you left a Google review for their business), your data rights are governed by:
If you are a Plugin User and are located in the European Economic Area (EEA) or United Kingdom, you have rights under the GDPR / UK GDPR including the right to access, rectify, or erase personal data we hold about you. Because we hold no Plugin User personal data on our servers, any such request would relate solely to your account email on file at admin@fivewp.com.
To exercise any of these rights, contact us at admin@fivewp.com.
FiveWP is built with the following security measures:
$wpdb->prepare() — no raw SQL with user input.check_ajax_referer()) and user capability (current_user_can('manage_options')).The security of data stored on the Plugin User's server is the Plugin User's responsibility. We recommend using a reputable hosting provider with encrypted storage, keeping WordPress and all plugins up to date, and using HTTPS.
FiveWP is a business tool intended for use by adults and business operators. We do not knowingly collect any personal data from children under the age of 13. If you believe a child's data has been processed in error, please contact us at admin@fivewp.com.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify Plugin Users via the plugin update notes or by email where we hold a contact address.
Continued use of FiveWP after changes are published constitutes acceptance of the updated policy.
For any questions about this Privacy Policy or your data, please contact us: