Last Updated: May 2026

Welcome to WP Mobile Kit. By downloading, installing, or using the WP Mobile Kit with bbpress REST API companion plugin ("the Software"), you agree to be bound by these Terms & Conditions. Please read them carefully before accepting.

1. License Grant

The Software is licensed under the GNU General Public License v2 or later. You are permitted to install and use the plugin on your designated WordPress website in accordance with the GPL license terms.

2. REST API Usage & Rate Limits

To prevent denial of service and ensure server stability, the Software incorporates strict network-level protection mechanisms:

  • Transient Rate Limiting: An IP-based transient rate limit of 10 requests per minute is enforced on the /homepage-raw aggregation endpoint. You agree not to bypass, manipulate, or brute-force this rate-limiting layer.
  • Anti-Spam Write Throttling: A 10-second write throttle is enforced per user session for all interactive post operations (including topic creation, replies, subscriptions, favorites, and likes). Programmatic actions to circumvent this throttling are strictly prohibited.

3. Central Hub & Push Notifications

The Software communicates with a Central Management Hub to manage your application configurations and dispatch notifications. While you supply your own Firebase, analytics, and notification credentials, you acknowledge that push notification device tokens and dispatch metadata are transmitted to and stored on the Central Hub to facilitate network-wide notification delivery.

4. No Warranty and Limitation of Liability

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE, INCLUDING BUT NOT LIMITED TO DATABASE CORRUPTION OR CRON QUEUE LATENCY.

Last Updated: May 2026

Your privacy is of paramount importance to us. This Privacy Policy details how we collect, process, and protect your information when downloading and using the WP Mobile Kit with bbpress REST API plugin.

1. Lead Capture Information

When requesting to download the Software, we collect:

  • Full Name: To personalize communications.
  • Email Address: To deliver the plugin download confirmation and optional onboarding guides.
  • Target Website URL: To map active installs and verify licensing prerequisites.

2. Local Data Processing (Stored Strictly on Your WordPress Server)

Core application functionality operates locally within your server ecosystem. The following data points are stored exclusively in your local WordPress database (options, postmeta, usermeta) and are NOT transmitted to or stored on our Central Management Hub:

  • Authentication Secrets: JSON Web Token (JWT) secret signing keys (configured in wp-config.php) are processed strictly in your local PHP memory. No authentication secrets are ever transmitted.
  • Full User Profile Information: User biography, registration details, specific user settings, and private user interaction history remain exclusively on your local server.
  • LinkedIn OIDC Profile Links: Super Socializer meta keys (such as OIDC provider user ID thechamp_social_id) and avatar caches (thechamp_avatar, thechamp_large_avatar) are kept locally in the wp_usermeta table.
  • Attendee RSVP and Registration Records: Event registration attendee list data, RSVP records, and custom check-in unique IDs generated by Eventin and Event Tickets (including buyer names, emails, phones, ticket types, and QR check-in codes) remain strictly stored in local CPT tables (e.g. etn-attendee).
  • WP Job Manager Meta: Job listing categories, tags, locations, company info (name, website, twitter, logo, video, tagline), application endpoints, and filled/featured metadata fields are kept local.
  • WP Ulike Interactions: Counts of user-specific post/reply likes/dislikes (e.g., stored under _wp_ulike_forums_count) and topic favorite states remain entirely local.
  • Anti-Spam Verification: User session rate-limiting transient states and tracking timestamps remain stored inside your WordPress local cache/transients.

3. Central Management Hub Data (Transmitted & Stored/Cached Externally)

To facilitate native application builds, remote configuration, and high-performance deep linking, the plugin securely synchronizes specific metadata with our Central Management Hub (configured at https://mayankgoyal.in/mgtldev):

  • Onboarding & Setup Details: During onboarding setup (via the /client/setup interface), the client's name, email, website name, target website URL, custom app name, Apple Team ID, selected app modules, and Multisite environment status are transmitted and stored on the Central Hub. The Hub registers these credentials to issue a unique api_key.
  • App Branding Visuals: Primary brand hex colors, and custom visual assets uploaded via WP Admin (App Logo, App Icon, and Splash Screen image URLs) are transmitted (via the /branding interface) and stored on the Hub to render the native application shell.
  • Active Plugins & Integration Settings: Active statuses, target URLs, and configurations of integrated companion modules (including LinkedIn Login enable toggles, Eventin event manager URL settings, and a network-wide list of active plugins installed on your WordPress site) are synced (via the /plugins interface) to the Hub.
  • Push Notifications Routing & Dispatch: While you manage subscriber settings locally, notification routing is processed centrally. When a new blog post, forum topic, reply, job, or event is published, the plugin sends a dispatch request to the Hub containing: the root website URL, title, body excerpt, post reference ID, and a list of target WordPress subscriber user IDs. The Central Hub securely stores these device notification tokens and handles Firebase Cloud Messaging (FCM) dispatch.
  • Consolidated Homepage Caching: To maximize app performance and bypass heavy local database queries, a pre-filtered homepage dataset is compiled periodically and cached on the Central Hub (via the /homepage/sync interface). This cached payload contains the latest 20 items of public public-facing content (blog posts, forum topics, job openings, and events), including public author metadata (display names and avatar URLs) associated with those posts.
  • Build Logs and Status Updates: Build request logs, compilation platform preferences (Android/iOS), build types (preview/production), and build approvals are logged and stored on the Hub.

4. Third-Party Services

If social authentication is activated, OIDC authorization and profile validation requests are securely routed directly between the local server and LinkedIn APIs (specifically `https://www.linkedin.com/oauth/v2/accessToken` and `https://api.linkedin.com/v2/userinfo`). LinkedIn profile picture URLs, email addresses, and names are retrieved during login and linked locally in the WP database. Push notifications routed through the Hub are sent directly to the device via Google Firebase Cloud Messaging (FCM).