Is any user personal information processed (for GDPR etc.) purposes by the plugin?

No. Logging in, setting up TFA, and all other operations of plugin functionality do not send any data to any remote service.

If you connect the plugin to receive plugin updates using the WordPress plugin update mechanism, then it will periodically request information on update availability from our servers. The information contained in this update check (e.g. the identifier for your account with us, the WordPress and PHP version the plugin is running on) is not processed by us for any further purpose. It does not contain any information on how or by whom the plugin is used (i.e. “telemetrics”) beyond the URL of the website it is installed upon. The HTTP request as logged by our webserver may remain in our webserver logs until they are periodically and automatically rotated, up to 6 months later.

Posted in: Two Factor Authentication