Comments:
When visitors leave comments on the site data shown in the comments form is collected, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so follow-up comments can be recognised and approved automatically instead of holding them in a moderation queue.
If you have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided. You can also request that I erase any personal data held about you. This does not include any data that is needed to be kept for administrative, legal, or security purposes.
WordPress.com Stats:
IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Activity Tracked:
Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the JavaScript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.). The site owner has the ability to force this feature to honour DNT settings of visitors. By default, DNT is currently not honoured.
Subscriptions:
To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
General:
Activity Tracked: functionality cookies are set to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
This blog uses an anti-spam plugin called Antispam Bee, when a visitor leaves a comment it will check that the IP address is valid. No private user data is saved by this plugin.
Third party privacy policies can be found on their websites.