=== BIG-FLYTX by MAS ===
Contributors: makeanythingsimple
Tags: conversion tracking, server-side tracking, meta pixel, google analytics, woocommerce tracking
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

WooCommerce conversion tracking with GA4, Meta Pixel, dataLayer and optional server-side event delivery for WordPress.

== Description ==

BIG-FLYTX by MAS is a WordPress and WooCommerce conversion tracking plugin for GA4, Meta Pixel, Google Tag Manager dataLayer, advertising pixels, leads, purchases, and optional server-side event delivery.

Track first-party visitors, customer journeys, form leads, WooCommerce add-to-cart and purchase events from one dashboard. BIG-FLYTX supports browser tracking, dataLayer-only mode, server-side tracking, event deduplication, consent controls, and customer intelligence.

= WordPress Conversion Tracking =

Capture normalized page, lead, ecommerce, and conversion events without editing theme files. The plugin stores first-party event data in plugin-owned tables and can route enabled events to dataLayer, browser pixels, or configured server endpoints.

= WooCommerce Analytics and Purchase Tracking =

Track WooCommerce product views, add-to-cart actions, checkout activity, purchases, order values, customer totals, and revenue while preserving HPOS and Cart/Checkout Blocks compatibility.

= Meta Pixel, GA4, and Google Tag Manager =

Configure Meta Pixel and Conversions API, Google Analytics 4, Google Ads, Google Tag Manager dataLayer, Microsoft Ads UET, TikTok, LinkedIn, Pinterest, Snapchat, X, Reddit, Quora, Telegram, and custom relays.

= Server-side Tracking and Event Deduplication =

Use browser, dataLayer-only, server-only, or monitor-only modes. Event IDs and mapping controls help reduce duplicate conversion delivery when other tracking tools are active.

= Privacy and Consent Controls =

By default, the plugin is installed in paused mode. A site administrator must review the disclosures, explicitly authorize tracking, enable BIG-FLYTX, and enable each desired destination. No visitor event is collected or transmitted merely by installing or activating the plugin.

== Data Collection & Privacy ==

The plugin is paused after activation and does not collect or transmit visitor events until a site administrator enables it.

Tracking starts only after an administrator gives explicit opt-in authorization in BIG-FLYTX settings and enables the plugin. The administrator can choose Site-owner managed mode, where the site owner handles required visitor notices or consent through the site's own policy/CMP, or Strict visitor gate mode, where BIG-FLYTX also waits for a `bftx_consent=granted` cookie or the documented `bftx_mas_tracking_consent_granted` filter. BIG-FLYTX does not display its own consent banner.

When consent has been granted, the plugin can collect visitor IDs, URLs, referrers, UTM parameters, advertising click IDs, browser/user-agent hashes, IP-address hashes, ecommerce event data, product/order data, and safe lead/customer fields such as name, email, and phone when those fields are supplied through forms or commerce transactions.

Raw personally identifiable information storage is disabled by default. Site owners can enable raw name/email/phone storage only when their privacy policy and consent process permit it. Hashes may be stored for matching and deduplication.

The plugin includes explicit administrator opt-in, an optional strict visitor-consent gate, Do Not Track support, raw-PII controls, administrator masking, configurable retention, delivery-log retention, WordPress personal-data export/erase support, and optional uninstall deletion.

== External Services ==

No third-party service is contacted merely by installing or activating the plugin. A service is contacted only when all of the following are true: the administrator explicitly authorizes the disclosed tracking, enables BIG-FLYTX, enables the relevant integration and delivery mode, and configures the required IDs or credentials. If Strict visitor gate mode is selected, visitor consent must also be received before collection or transmission.

Depending on the enabled integration, the plugin may load the provider's browser script or send a server-side conversion request. Data can include event name, event ID, timestamp, page URL, referrer, UTM values, advertising click IDs, product/order identifiers, items, value, currency, and hashed user identifiers. IP address and user agent can be sent where required by a configured conversions API. API credentials are supplied by the site administrator and are not printed into frontend JavaScript.

= Meta / Facebook / Instagram =
Used for Meta Pixel and the Meta Conversions API. Browser scripts are loaded from `connect.facebook.net`; server events are sent to `graph.facebook.com` only when configured.
Terms: https://www.facebook.com/legal/terms
Privacy: https://www.facebook.com/privacy/policy/

= Google Analytics, Google Ads, Google Tag Manager, and YouTube-related measurement =
Used for GA4/Google Ads browser measurement, Google Tag Manager, and GA4 Measurement Protocol. Browser scripts are loaded from `googletagmanager.com`; configured server events are sent to `google-analytics.com`.
Terms: https://policies.google.com/terms
Privacy: https://policies.google.com/privacy

= Microsoft Advertising / Bing UET =
Used for Microsoft UET browser measurement and an optional administrator-configured server endpoint. The browser script is loaded from `bat.bing.com`.
Terms: https://www.microsoft.com/servicesagreement
Privacy: https://privacy.microsoft.com/privacystatement

= TikTok =
Used for TikTok Pixel and TikTok Events API. Browser scripts are loaded from `analytics.tiktok.com`; configured server events are sent to `business-api.tiktok.com`.
Terms: https://www.tiktok.com/legal/terms-of-service
Privacy: https://www.tiktok.com/legal/privacy-policy

= LinkedIn =
Used for LinkedIn Insight Tag and an optional administrator-configured conversions endpoint. The browser script is loaded from `snap.licdn.com`.
Terms: https://www.linkedin.com/legal/user-agreement
Privacy: https://www.linkedin.com/legal/privacy-policy

= Pinterest =
Used for Pinterest Tag and Pinterest Conversions API. Browser scripts are loaded from `s.pinimg.com`; configured server events are sent to `api.pinterest.com`.
Terms: https://policy.pinterest.com/terms-of-service
Privacy: https://policy.pinterest.com/privacy-policy

= Snapchat =
Used for Snap Pixel and the Snapchat Conversions API. Browser scripts are loaded from `sc-static.net`; configured server events are sent to `tr.snapchat.com`.
Terms: https://www.snap.com/terms
Privacy: https://values.snap.com/privacy/privacy-policy

= X / Twitter =
Used for the X advertising pixel and an optional administrator-configured server endpoint. The browser script is loaded from `static.ads-twitter.com`.
Terms: https://x.com/en/tos
Privacy: https://x.com/en/privacy

= Reddit =
Used for Reddit Pixel and Reddit Conversions API. Browser scripts are loaded from `redditstatic.com`; configured server events are sent to `ads-api.reddit.com`.
Terms: https://redditinc.com/policies/user-agreement
Privacy: https://www.reddit.com/policies/privacy-policy

= Quora =
Used for Quora Pixel browser measurement. The browser script is loaded from `a.quora.com`.
Terms: https://www.quora.com/about/tos
Privacy: https://www.quora.com/about/privacy

= Telegram and custom endpoints =
The plugin can send an event to a URL entered by the administrator for Telegram, Microsoft, LinkedIn, X, licensing, or a general custom relay. BIG-FLYTX does not provide or hardcode a default vendor-operated endpoint for these options. The site owner chooses the endpoint and is responsible for documenting that endpoint's provider, terms, privacy policy, and transmitted data to site visitors before enabling it.

Authenticated REST webhook requests always require the configured webhook secret (or an authenticated administrator when no secret is configured) and administrator tracking authorization. When Strict visitor gate mode is selected, the request must also include `X-BIG-FLYTX-Consent: granted` or a `consent_granted` value of `true`, `yes`, `1`, or `granted`.

== Source Code and Build Information ==

All plugin PHP, CSS, and JavaScript is provided in human-readable form. `assets/js/frontend.js` is not obfuscated and does not require a build process. A matching source counterpart is included at `assets/js/src/frontend.js` with build notes in `assets/js/src/README.txt`. The distributed and source files are intentionally identical. No npm, webpack, transpiler, minifier, or proprietary build tool is required.

Third-party provider scripts are not bundled in the plugin; they are loaded from the providers listed above only after explicit administrator authorization and configuration, and after visitor consent when Strict visitor gate mode is selected.

== Installation ==

1. Upload the plugin ZIP through Plugins > Add New > Upload Plugin.
2. Activate BIG-FLYTX by MAS.
3. Go to BIG-FLYTX > Settings.
4. Review Privacy, Compliance & Data Retention settings.
5. Enable only the tracking sources you need.
6. Add Pixel IDs, Measurement IDs, API tokens, and endpoint details where required.
7. Test events before using the plugin on a production client site.

== Frequently Asked Questions ==

= What tracking mode should I use? =

Use Full Tracking when no other tracking plugin controls pixels. Use dataLayer Only when Google Tag Manager controls tags. Use Server Only when browser pixels are already installed elsewhere but BIG-FLYTX should send server events. Use Monitor Only for safe testing and event database logging without sending to ad platforms.

= Does it send server-side events automatically? =

No. Server-side events are sent only when Global Server Tracking and the specific destination server toggle are enabled and credentials are configured. Otherwise the plugin uses browser/dataLayer tracking only.

= Does it track immediately after activation? =

No. The plugin is paused by default. A site administrator must enable it from the settings screen.

= Does it edit theme or plugin files? =

No. It uses WordPress hooks, WooCommerce hooks, browser detection, REST endpoints, and plugin-owned database tables.

= Does it store personal data? =

It can store name, email and phone when forms or orders provide them, but raw PII storage is disabled by default. Site owners can enable raw storage or keep hashed values only where possible.

= Does it require a BIG-FLYTX consent cookie? =

Not in Site-owner managed mode. In that mode, the administrator explicitly authorizes the plugin and manages any required visitor notice or consent through the website's own privacy process or CMP. Strict visitor gate mode is also available and waits for `bftx_consent=granted` or the `bftx_mas_tracking_consent_granted` filter.

= Does BIG-FLYTX support WooCommerce conversion tracking? =

Yes. It can capture WooCommerce product, cart, checkout, purchase, order-value, customer, and revenue events through WooCommerce APIs, including HPOS-compatible order access.

= Can I use Meta Pixel and Meta Conversions API together? =

Yes. You can enable browser and server delivery together and use shared event IDs for deduplication, provided the required Meta credentials are configured.

= Can BIG-FLYTX send GA4 ecommerce events? =

Yes. GA4 browser measurement and optional Measurement Protocol delivery can be configured for normalized ecommerce and conversion events.

= Can I use Google Tag Manager dataLayer-only mode? =

Yes. Choose dataLayer Only when GTM should control the final tags and BIG-FLYTX should only publish normalized event payloads.

= Can it track form leads and customer journeys? =

Yes. Supported form and builder integrations can capture lead events, and the dashboard can connect first-party visitor, lead, customer, and ecommerce activity.

= Does uninstall delete data? =

Only if you enable "Delete BIG-FLYTX Tables on Uninstall" before uninstalling.

== Screenshots ==

1. Core tracking configuration, tracking modes, dataLayer output, browser pixels, and server delivery controls.
2. Privacy, explicit authorization, consent mode, raw PII, retention, and uninstall settings.
3. Universal event mapping and production noise-control options.
4. Meta Pixel and Meta Conversions API configuration.
5. Google Analytics 4, Google Ads, Google Tag Manager, YouTube measurement, and Microsoft Ads settings.
6. TikTok, LinkedIn, Pinterest, Snapchat, X, Reddit, Quora, and Telegram integrations.
7. WooCommerce, ecommerce, LMS, and membership compatibility controls.
8. Form plugin and page-builder lead tracking compatibility.
9. Theme compatibility and safe frontend event-detection controls.
10. Dashboard, customer, lead, sync, export, diagnostics, and health-check tools.
11. BIG-FLYTX intelligence dashboard showing plugin status, totals, and connected tracking sources.

== Changelog ==

= 1.1.2 =
* Prevented notices from other plugins from being injected inside the BIG-FLYTX branded header.
* Added a standard accessible WordPress page heading outside the visual header for compatibility with third-party notice scripts.
* Added a JavaScript safety fallback that relocates dynamically inserted notices above the BIG-FLYTX header.
* Preserved all tracking, privacy, integration, and stored-data behavior.

= 1.1.1 =
* Fixed a PHP 8.1+ admin deprecation warning after activation and on hidden utility pages.
* Registered Setup Wizard and utility screens under the BIG-FLYTX parent so WordPress always receives a valid page title.
* Kept utility screens hidden from the normal menu and preserved all UI 2.0 tracking behavior.

= 1.1.0 =
* Introduced BIG-FLYTX UI 2.0 with a branded Overview dashboard and tracking health score.
* Replaced horizontal settings tabs with a searchable left settings sidebar.
* Replaced binary enabled/disabled dropdowns with accessible toggle switches.
* Added visual integration status cards and a guided first-time setup wizard.
* Added an improved sticky save bar, activity view, reports hub, and downloadable redacted diagnostics.
* Preserved existing tracking, event, privacy, delivery, and integration behavior.

= 1.0.21 =
* Added WordPress.org plugin icons, responsive banners, and eleven product screenshots.
* Improved search-focused tags, short description, feature headings, FAQ content, and screenshot captions.
* Updated the bundled documentation and release metadata for easier monthly maintenance.
* No automatic tracking behavior was enabled or changed; the plugin remains paused by default.

= 1.0.20 =
* Replaced the mandatory plugin-specific visitor cookie with explicit administrator opt-in authorization.
* Added two visitor-consent modes: site-owner managed and optional strict cookie/filter gating.
* Kept all tracking paused by default and blocked external delivery until the administrator accepts the data-sharing disclosure.
* Updated REST authorization and privacy documentation to follow the selected consent mode.

= 1.0.19 =
* Made explicit visitor consent mandatory for every tracking mode.
* Replaced raw PHP-rendered script tags with WordPress script registration, enqueue, localization, and inline-script APIs.
* Restricted the REST health endpoint to administrators with the `manage_options` capability.
* Added complete external-service disclosures with data-use, terms, and privacy links.
* Added a human-readable JavaScript source counterpart and documented the no-build source process.

= 1.0.18 =
* Final live-data stability pass for CRM/customer import.
* Live Data Sync can enable raw CRM fields and optionally rebuild BIG-FLYTX Customers/Leads before reimport.
* Dashboard Purchases and Revenue now include synced historical WooCommerce customer totals, not only newly tracked Purchase events.
* Customer LTV and event values are formatted to two decimal places in admin tables.
* Customer upsert now preserves existing CRM fields and avoids overwriting raw name/email/phone with blank data.
* WooCommerce customer aggregation now uses WooCommerce order APIs for better HPOS/custom order table compatibility.

= 1.0.15 =
* Added WooCommerce total-value payload improvements for orders and carts, including order total, subtotal, discounts, coupon codes, tax, shipping, shipping tax, fees and additional charges.
* Added cleaner production event controls for low-value browser events, scroll events, generic button clicks, FormStart, and browser Lead fallback.
* Throttled SessionStart and Search browser detection to reduce live-site noise from repeated page loads or search forms.
* Reduced false Lead events from checkout/search/builder forms and stopped generic builder/theme clicks unless low-value event tracking is enabled.
* Kept WooCommerce AddToCart/RemoveFromCart improvements from v1.0.13.

= 1.0.12 =
* Added a Duplicate Event Check admin page to show exact duplicate IDs, repeated order events, browser Purchase fallback issues, rapid repeated events, and noisy Search/Scroll/FormStart/ClickButton patterns.
* Added Duplicate Check quick link in Tools and a sidebar submenu for easier QA before enabling production ad delivery.

= 1.0.11 =
* Added Tracking Mode options: Full Tracking, dataLayer Only, Server Only, and Monitor Only.
* Added safer duplicate-tracking detection and recommendations for sites already using GTM, Site Kit, PixelYourSite, Facebook for WooCommerce, TikTok, Pinterest, Bing/Microsoft, or header-script tracking plugins.
* Updated settings, dashboard, Health Check, and frontend delivery logic to respect the selected tracking mode.

= 1.0.6 =
* Improved settings UI with user-friendly tabs for core tracking, privacy, event mapping, Meta, Google/Bing, social sources, commerce, forms/builders, themes, server/license and tools.
* Added an enqueued admin JavaScript file for tab switching and improved admin CSS layout.

= 1.0.5 =
* Fixed Plugin Check output escaping error in Meta Pixel initialization.
* Added a version parameter to the Google gtag enqueue call.

= 1.0.4 =
* Fixed SQL identifier handling, privacy queries, uninstall cleanup, export handling, script enqueue handling, and readme tags for Plugin Check review.

= 1.0.3 =
* Improved CSV export SQL handling by using WordPress identifier placeholders for plugin-owned table names.
* Bumped minimum WordPress version to 6.2 for safe identifier placeholder support.

= 1.0.2 =
* Updated WordPress.org submission metadata and Tested up to value.
* Changed default activation posture to paused until the administrator enables tracking.
* Changed raw PII storage default to disabled.
* Improved privacy and external service disclosures in readme.txt.
* Improved small sanitization/escaping details around admin notices and CSV export filenames.

= 1.0.0 =
* Added GPL/readme/uninstall/privacy hardening.
* Added privacy-policy disclosure content.
* Added WordPress personal-data exporter and eraser support.
* Added consent-gating and Do Not Track settings.
* Added raw PII storage toggle and admin PII masking.
* Added retention cleanup cron for events/visitors/deliveries.
* Added safer uninstall routine controlled by plugin setting.

= 0.9.0 =
* Added standard/recommended event mappings for LinkedIn, Pinterest, Snapchat, X/Twitter, Reddit, Quora and Microsoft/Bing.

= 0.8.0 =
* Added GA4 and TikTok event libraries and normalized event mapping.

== Upgrade Notice ==

= 1.1.2 =
Admin UI compatibility hotfix that keeps third-party plugin notices outside the BIG-FLYTX branded header.

= 1.1.1 =
PHP 8.1+ admin compatibility hotfix for activation and hidden BIG-FLYTX utility screens.

= 1.1.0 =
A major admin experience update. Existing tracking settings and stored data remain unchanged.

= 1.0.21 =
Branding and documentation update with WordPress.org icons, banners, screenshots, improved discovery text, and no change to the paused-by-default tracking posture.

= 1.0.20 =
Adds explicit administrator opt-in authorization and optional strict visitor-consent integration while keeping all tracking paused by default.

= 1.0.19 =
Compliance and security update: WordPress-compliant script loading, protected health endpoint, external-service disclosures, and source-code documentation.

= 1.0.18 =
Improves live CRM/customer sync, historical WooCommerce purchase/revenue dashboard totals, two-decimal money formatting, and HPOS-safe order aggregation.

= 1.0.12 =
Adds a Duplicate Event Check tool so site owners can verify whether conversion events are firing once or duplicating before sending to ad platforms.

= 1.0.11 =
Compatibility update for WooCommerce HPOS and Checkout Blocks. No automatic trial/license key is created.

= 1.0.6 =
Improves the BIG-FLYTX settings screen with workflow-based tabs for easier configuration.

= 1.0.5 =
Fixes the remaining Plugin Check error and one script version warning. No tracking behavior was added or changed.

= 1.0.4 =
Plugin Check cleanup update. No tracking behavior was added or changed.

= 1.0.3 =
Improves CSV export SQL handling for Plugin Check review. The plugin remains paused by default and raw PII storage remains disabled by default.

= 1.0.2 =
The plugin is paused by default and raw PII storage is disabled by default. Review settings before enabling tracking.
