=== ComplianceKit — Cookie Consent ===
Contributors:      janlr
Tags:              cookie consent, GDPR, cookie banner, privacy, compliance
Requires at least: 5.9
Tested up to:      7.0
Requires PHP:      7.4
Stable tag:        1.0.3
License:           GPL-2.0-or-later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html

GDPR-compliant cookie consent banner for WordPress, connected to your ComplianceKit dashboard.

== Description ==

**ComplianceKit** is a GDPR compliance platform for websites. This plugin connects your WordPress site to your ComplianceKit dashboard, automatically injecting a fully compliant cookie consent banner, with no theme editing required.

**Features:**

* One-field setup — paste your embed code and save
* Automatic script injection into `<head>` via WordPress hooks (no theme editing)
* Google Consent Mode v2 support (ad_storage, analytics_storage, ad_user_data, ad_personalization)
* Persistent "Manage Cookie Preferences" floating button built into the widget
* Optional footer link for visitors to re-open consent settings (GDPR Article 7(3))
* Granular consent categories: Necessary, Analytics, Marketing, Functional
* Consent records stored and exportable for DPA audits
* DSAR (Data Subject Access Request) management in your dashboard
* Static widget JS served via CDN — zero serverless cost per page load

**What you need:**

A free ComplianceKit account at [compliancekit.tech](https://www.compliancekit.tech). The free plan covers one website with basic consent collection.

== Installation ==

**From the WordPress Plugin Directory (recommended):**

1. Go to **Plugins → Add New** in your WordPress admin
2. Search for "ComplianceKit"
3. Click **Install Now**, then **Activate**
4. Go to **Settings → ComplianceKit** and paste your embed code

**Manual installation:**

1. Download the plugin zip from the WordPress Plugin Directory
2. Go to **Plugins → Add New → Upload Plugin**
3. Upload the zip and click **Install Now**, then **Activate**
4. Go to **Settings → ComplianceKit** and paste your embed code

**Getting your embed code:**

1. Sign up at [compliancekit.tech](https://www.compliancekit.tech)
2. Add your website and run a compliance scan
3. Configure your consent banner appearance
4. Go to **Website → Embed Code** in your dashboard
5. Copy the embed code (the short alphanumeric code, not the full `<script>` tag)
6. Paste it into **Settings → ComplianceKit** in your WordPress admin

== Frequently Asked Questions ==

= Is ComplianceKit free? =

Yes — the Free plan covers one website with basic consent collection. Paid plans unlock multiple websites, custom banner branding, longer consent record retention, advanced analytics, and priority support.

= Does the banner show any ComplianceKit branding? =

No, not by default. The consent banner shows no "Powered by ComplianceKit" credit unless you explicitly turn it on under **Settings → ComplianceKit → Banner Credit**. The checkbox is unchecked by default, so nothing appears to your visitors unless you choose it.

= Does this plugin work without a ComplianceKit account? =

No. This plugin is a connector for the ComplianceKit service. You need a free account to get your embed code.

= Does this slow down my site? =

No. The widget script is a static JavaScript file served from a CDN. It loads with the `defer` attribute, so it never blocks page rendering.

= Will this break my existing Google Analytics or Google Ads? =

The widget implements Google Consent Mode v2. Before consent is given, all Google signals are set to `denied` by default. After the user consents, the appropriate signals are updated. This is the correct, compliant way to run Google Analytics and Google Ads with a consent banner.
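The default-deny flow described above, as an added sketch that is not the widget's own code. It uses Google's documented `gtag('consent', 'default' | 'update', …)` calls; the mapping from ComplianceKit's categories to the four signals is an assumption, since this readme does not state it.

```javascript
// The four Consent Mode v2 signals this readme lists.
const SIGNALS = ["ad_storage", "analytics_storage", "ad_user_data", "ad_personalization"];

// ASSUMPTION: category-to-signal mapping. The readme names the categories and
// the signals, but not how the widget maps one to the other.
const CATEGORY_SIGNALS = {
  analytics: ["analytics_storage"],
  marketing: ["ad_storage", "ad_user_data", "ad_personalization"],
  // necessary / functional: mapped to none of the four signals in this sketch
};

// Every signal starts as "denied".
function defaultConsent() {
  return Object.fromEntries(SIGNALS.map((s) => [s, "denied"]));
}

// Build the update payload. Only a literal `true` grants, so a missing key,
// a "true" string or a malformed stored preference fails closed.
function consentUpdate(choices) {
  const state = defaultConsent();
  for (const [category, signals] of Object.entries(CATEGORY_SIGNALS)) {
    if (choices && choices[category] === true) {
      for (const s of signals) state[s] = "granted";
    }
  }
  return state;
}

// Wire into a dataLayer array. In a browser, pass window.dataLayer and call
// this before any Google tag loads, so the default precedes every hit.
function createConsentLayer(dataLayer) {
  function gtag() { dataLayer.push(arguments); } // gtag queues the arguments object
  gtag("consent", "default", defaultConsent());
  return {
    apply(choices) {
      const update = consentUpdate(choices);
      gtag("consent", "update", update);
      return update;
    },
  };
}

// Constructed visitor choice: analytics accepted, marketing declined.
const demoLayer = [];
const demo = createConsentLayer(demoLayer).apply({ necessary: true, analytics: true, marketing: false, functional: true });
console.log(demo, demoLayer.length);
```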

= What data does ComplianceKit store? =

ComplianceKit stores: a randomly generated visitor ID (not tied to any personal identifier), the visitor's consent preferences, the timestamp, and which version of the banner was shown. IP addresses are stored temporarily for security purposes. Full details are in the [ComplianceKit Data Processing Agreement](https://www.compliancekit.tech/dpa).

= Is this GDPR compliant? =

ComplianceKit is designed to help you comply with the GDPR, the ePrivacy Directive, and similar regulations. It implements consent recording, consent withdrawal, and Google Consent Mode v2. However, compliance ultimately depends on how you configure your banner and which cookies/scripts your site uses. The platform does not provide legal advice.

= My theme has its own cookie notice — will there be a conflict? =

Yes, potentially. Disable or remove your theme's built-in cookie notice before activating ComplianceKit to avoid showing two banners.

= How do I re-open the cookie settings for a visitor? =

The widget automatically renders a persistent "Manage Cookie Preferences" button (floating pill in the corner of the screen). Visitors can click it at any time to change their preferences. You can also enable an additional text link in the site footer via **Settings → ComplianceKit → Footer Link**.

== Screenshots ==

1. Settings page — paste your embed code and save
2. The cookie consent banner on the front-end (appearance is configured in your dashboard)
3. ComplianceKit dashboard — consent records and compliance scan results

== Changelog ==

= 1.0.3 =
* Security: removed the user-editable "App URL" setting. The widget script now always loads from the official ComplianceKit domain, so an admin can no longer point the plugin at an arbitrary remote script.
* Added: optional "Powered by ComplianceKit" banner credit. It is off by default and only appears when the site administrator explicitly enables it via the new checkbox in Settings → ComplianceKit.

= 1.0.2 =
* Changed: function/option/constant prefix renamed from `ck_` to `ckit_` (WordPress.org requires 4+ characters)
* Fixed: Text Domain header corrected to lowercase `compliancekit`
* Fixed: Privacy Policy and Terms of Service links now point to the live site
* Removed: screenshot images no longer bundled in the plugin package (uploaded separately to the WordPress.org assets directory instead)

= 1.0.1 =
* Fixed: footer "Manage Cookie Preferences" link now calls `window.ComplianceKit.openSettings()` (requires widget version with Public JS API)
* Fixed: unchecking the Footer Link checkbox now correctly saves as disabled (hidden field added before checkbox)
* Fixed: plugin uninstall now cleans up all `ck_*` options from wp_options
* Fixed: translation loading now correctly wired to `plugins_loaded` hook
* Added: `uninstall.php` for clean removal per WordPress.org guidelines

= 1.0.0 =
* Initial release
* Script injection via `wp_head`
* Settings page with embed code, app URL, and footer link options
* Admin notice when embed code is not configured
* Optional "Manage Cookie Preferences" footer link

== External Services ==

This plugin connects to **ComplianceKit** (https://www.compliancekit.tech), a third-party GDPR compliance service. This connection is the core purpose of the plugin — without it, the plugin does nothing.

**What happens when the plugin is active:**

When a visitor loads any page on your site, their browser fetches a JavaScript file from ComplianceKit's CDN (`www.compliancekit.tech/widget.js`). This file renders the cookie consent banner and records the visitor's consent decision.
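A site owner can confirm this on rendered pages, which is also a way to verify the 1.0.3 change that pins the script to the official domain. The check below is an added example, not part of the plugin; it assumes the widget is identified by the `/widget.js` path named above, and the sample markup is constructed because this readme does not show the exact tag the plugin emits.

```javascript
const OFFICIAL_ORIGIN = "https://www.compliancekit.tech"; // host named in this readme
const WIDGET_PATH = "/widget.js";                           // path named in this readme

// Collect src and defer from each <script> tag. A regex scan is adequate for
// auditing rendered output; it is not a full HTML parser.
function externalScripts(html) {
  const found = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = m[1];
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script, nothing fetched
    found.push({
      src: src[1] ?? src[2] ?? src[3],
      defer: /(?:^|\s)defer(?:\s|=|\/|$)/i.test(attrs),
    });
  }
  return found;
}

// Return a list of findings; an empty list means the page passes.
function auditWidget(html, pageUrl) {
  const findings = [];
  let official = 0;
  for (const s of externalScripts(html)) {
    let url;
    try { url = new URL(s.src, pageUrl); } catch { continue; }
    if (url.pathname !== WIDGET_PATH) continue;
    // Compare the whole origin: scheme, exact host and port. A substring
    // match would accept lookalike hosts and plain-http loads.
    if (url.origin !== OFFICIAL_ORIGIN) {
      findings.push(`widget script from unexpected origin: ${url.origin}`);
    } else {
      official += 1;
      if (!s.defer) findings.push("official widget script lacks defer");
    }
  }
  if (official === 0) findings.push("official widget script not found");
  return findings;
}

// Constructed sample pages (site.example and example.net are placeholders).
const SAMPLE_OK = '<head><script src="https://www.compliancekit.tech/widget.js" defer></script></head>';
const SAMPLE_LOOKALIKE = '<head><script defer src="https://www.compliancekit.tech.example.net/widget.js"></script></head>';
console.log(auditWidget(SAMPLE_OK, "https://site.example/"));
console.log(auditWidget(SAMPLE_LOOKALIKE, "https://site.example/"));
```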

**Data sent to ComplianceKit:**

* A randomly generated visitor ID (not linked to any personal identifier)
* The visitor's consent preferences (which cookie categories they accepted or declined)
* The timestamp of the consent decision
* The widget version displayed

IP addresses are processed temporarily for security purposes and are not stored long-term.

**This connection is required.** The plugin cannot function without a ComplianceKit account and an active connection to the service.

* ComplianceKit Privacy Policy: https://www.compliancekit.tech/privacy
* ComplianceKit Terms of Service: https://www.compliancekit.tech/terms
* ComplianceKit Data Processing Agreement: https://www.compliancekit.tech/dpa

== Upgrade Notice ==

= 1.0.3 =
Security and review fixes: the widget always loads from the official ComplianceKit domain. Update recommended.

= 1.0.2 =
WordPress.org review fixes: prefix and Text Domain corrected, Privacy/Terms links fixed.

= 1.0.1 =
Bug fixes: footer link now functional, checkbox uncheck now saves correctly. Update recommended.

= 1.0.0 =
Initial release.
