Xaflo

Download ↓
Privacy

We collect nothing.

Xaflo runs locally on your computer. There are no user accounts, no telemetry, no analytics, no cloud. The only network requests Xaflo makes are direct HTTPS calls from your machine to your own WordPress sites.

Summary

Xaflo is a three-piece open-source toolkit: the Xaflo WP Connect WordPress plugin, the claude-wp-mcp Node.js MCP server, and Xaflo Desktop. None of these phone home, none collect telemetry, none have user accounts. The only data they touch is the data you explicitly ask them to act on, and it never leaves the path between your machine and your WordPress site.

Your tokens

Authentication tokens are generated inside your WordPress admin (Xaflo → API Tokens) and pasted into Xaflo Desktop on your computer. They are stored locally in ~/.claude.json on your machine. We never see them. Anthropic (Claude Code) never sees the tokens themselves — only the WordPress data Claude reads or writes during your conversation, which is necessarily processed by Anthropic under their own privacy policy.

Your WordPress data

When Claude Code uses a Xaflo tool (e.g. “list my recent posts”), the MCP server on your computer makes an HTTPS request to your own WordPress site. The site responds with the data. That response is then passed back to Claude. The data never transits any Xaflo server because there is no Xaflo server. We operate no cloud infrastructure that handles your WordPress content.

This website

This marketing website (wpconnect.xaflo.com) runs on WordPress and uses Twenty Twenty-Five plus the Xaflo WP Connect plugin. We do not run third-party analytics, advertising, or tracking cookies. The site loads two fonts from Google Fonts (Inter and JetBrains Mono); your browser makes a request to fonts.gstatic.com when you visit. That is the only third-party network call.

The site does set a WordPress session cookie if you log in to the admin area — only relevant for site operators, not visitors.

Third-party services

  • Anthropic Claude — when you use Claude Code with Xaflo, your conversation (including any WordPress data Claude reads or writes) is processed by Anthropic. Their privacy policy applies: anthropic.com/legal/privacy.
  • Google Fonts — this website loads Inter and JetBrains Mono from Google’s font servers. Their privacy terms apply.
  • GitHub — if you visit our code repositories, GitHub’s policy applies.

We do not work with any other third-party processors.

Enterprise & custom deployments

If you engage Xaflo for an enterprise integration that includes audit log shipping, SIEM integration, or hosted operations, a separate Data Processing Agreement (DPA) will define what data is processed and how. Contact enterprise@xaflo.com.

Contact

Questions about this policy? Email privacy@xaflo.com. We reply within 5 business days.

Last updated: 15 May 2026 · Effective: 15 May 2026

Open source · MIT v1.0.0 · 2026-05-15 Windows · macOS · Linux 74 WP tools