=== CoverMyOrder ===
Contributors: imrouf
Tags: woocommerce, shipping, shipping protection, claims, order protection
Requires at least: 6.3
Tested up to: 7.0
Requires PHP: 7.4
WC requires at least: 8.0
WC tested up to: 9.4
Stable tag: 1.5.3
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Self-hosted shipping protection for WooCommerce. Collect an opt-in fee, let customers file claims, resolve via refund, and keep 100% of premiums.

== Description ==

**CoverMyOrder** is a customer-facing shipping protection platform built directly into WooCommerce. Customers opt in to a small protection fee at checkout — when a delivery goes wrong (lost, damaged, or stolen) they file a claim through a self-serve portal. Operators review claims, approve or deny, and issue WooCommerce refunds.

Unlike SaaS alternatives, you keep the full protection fee in your own account. A built-in reserve ledger tracks every dollar collected and paid out so you always know your loss ratio at a glance.

= Free Features =

**Checkout**

* Customer opt-in protection widget — WooCommerce Cart/Checkout Block and classic shortcode fallback
* Single flat-fee protection plan
* Branded opt-in badge with 2 color theme presets
* Post-purchase confirmation card and customer order notification email

**Claims Portal**

* Self-serve customer claim portal — WooCommerce My Account integration, Gutenberg block, and shortcode
* Evidence upload — photos, videos, PDFs (up to 10 files at 10 MB each by default; filterable)
* Manual carrier tracking entry
* AfterShip inbound webhook for automatic tracking event ingestion (AfterShip account required)

**Operator Dashboard**

* Dashboard with KPIs: fees collected, active claims, reserve balance, and loss ratio; sparkline charts; traffic-light health indicator
* WordPress dashboard widget ("CoverMyOrder — At a Glance") on the wp-admin home page
* Claims queue with status chips, search, overdue badge, and one-click approve & issue WooCommerce refund
* Customer risk profile sidebar on each claim
* Reserve ledger with full running balance
* HTML email templates for every claim status: submitted, approved, denied, and resolved

**Branding**

* 2 colour theme presets
* Hardcoded badge title and description (matches plugin name)
* Cart badge always enabled

**Setup & Compatibility**

* First-run setup wizard — pick a plan, enable the badge, configure tracking
* HPOS (High-Performance Order Storage) compatible
* WooCommerce Cart and Checkout Blocks compatible
* REST API (read endpoints)
* Multilingual ready — Text Domain: covermyorder

= Premium Add-On =

Optional [CoverMyOrder Premium](https://shipguardian.com/pricing) adds advanced features that are NOT part of the free WordPress.org plugin:

* AI-powered fraud scoring on every claim
* Auto-claim from AfterShip carrier webhooks (no operator action needed)
* Carrier-API auto-recovery (file FedEx / UPS / USPS recovery claims automatically)
* SMS notifications via Twilio
* Carrier-level analytics and reporting
* White-label for agencies
* Multi-store management
* Priority email support

The Premium add-on is a separate plugin distributed through Freemius. It is not included in this free plugin and is not required for the free plugin to work.

== Installation ==

**Via WordPress admin (recommended)**

1. Go to **Plugins → Add New** and search for "CoverMyOrder".
2. Click **Install Now**, then **Activate**.
3. The first-run setup wizard opens automatically — follow the three steps to choose a plan, preview the badge, and configure the tracking webhook secret.

**Manual installation**

1. Upload the `covermyorder` folder to `/wp-content/plugins/covermyorder/`.
2. Activate the plugin from the **Plugins** screen.
3. The setup wizard launches on your first admin page load.

== Frequently Asked Questions ==

= Is WooCommerce required? =

Yes. WooCommerce 8.0 or higher must be installed and active. The plugin will display an admin notice and will not load if WooCommerce is absent.

= Is this regulated insurance? =

No. CoverMyOrder is a merchant-funded reserve product — you collect a small fee from opted-in customers and pay claims out of that reserve. It is not a regulated insurance product. Consult legal counsel if you are unsure about compliance requirements in your jurisdiction.

= Is there any feature in the code that does not work for free users? =

No. Every feature included in the free plugin is fully functional for everyone. The optional Premium add-on is a separate plugin (not included here) that adds completely new features such as AI fraud scoring, SMS notifications, and carrier-API auto-recovery.

= Is the plugin compatible with HPOS? =

Yes. CoverMyOrder declares full HPOS (High-Performance Order Storage) and Cart/Checkout Block compatibility before WooCommerce initialises.

= Where is my data stored? =

All data — plans, protections, claims, and reserve ledger entries — is stored in your own WordPress database. No claim, order, or customer data is ever sent to a third party.

= Will Freemius collect data from my site? =

When you first activate the plugin, Freemius will display an opt-in prompt asking whether you are willing to share anonymous diagnostic data with the plugin developer. This is completely optional — you can decline and the plugin will work in full. If you opt in, only non-sensitive environment data is shared (PHP version, WordPress version, active theme, plugin count). No personal user data, customer information, or order details are ever shared. See the Third-Party Services section for links to Freemius's privacy policy and details on how to revoke consent at any time.

= Can I use CoverMyOrder on a WordPress Multisite network? =

Yes. The plugin has no single-site assumptions and is compatible with multisite. Network-wide activation is supported.

= How do I customise the badge appearance? =

Go to **CoverMyOrder → Branding** to choose between the 2 color theme presets. Badge title and description text are hardcoded in the free plugin. Developers can override any front-end template by copying it to `themes/{your-theme}/covermyorder/` inside your active theme.

= Do customers need an account to file a claim? =

Yes. The claim portal integrates with WooCommerce My Account. Customers must be logged in to view their protected orders and submit a claim.

= Where can I get support? =

Use the [support forum](https://wordpress.org/support/plugin/covermyorder/) on WordPress.org for community support. Premium licence holders get priority support via [shipguardian.com/support](https://shipguardian.com/support).

== Third-Party Services ==

This plugin connects to the following external services. Please review their policies before using the plugin in a production environment.

= Freemius =

CoverMyOrder uses [Freemius](https://freemius.com) for licence management and, with your explicit opt-in consent, anonymous usage analytics.

**When a connection is made:**

* On first activation — Freemius displays an opt-in modal. A connection is made only if you click "Allow & Continue". Clicking "Skip" sends no data.
* Periodically — if you hold an active paid licence, Freemius verifies the licence status in the background.

**What data is sent (opt-in only):** PHP version, WordPress version, active theme name, number of active plugins, a non-reversible hash of the site URL. No personal user data, customer records, order details, or claim data is ever included.

**How to revoke consent:** Go to **CoverMyOrder → Account** in your WordPress admin and click the opt-out link at any time.

* Freemius [Privacy Policy](https://freemius.com/privacy/) · [Terms of Service](https://freemius.com/terms/)

= AfterShip (optional) =

If you enable the AfterShip integration under **CoverMyOrder → Settings → Tracking**, AfterShip will deliver tracking event payloads to your site via an inbound webhook. Your site acts as a receiver only — no data is sent *from* your site to AfterShip by this plugin. An AfterShip account and a separately configured webhook are required.

* [AfterShip Privacy Policy](https://www.aftership.com/legal/privacy) · [Terms of Service](https://www.aftership.com/legal/terms-of-service)

= CoverMyOrder Hub (optional, off by default) =

CoverMyOrder can poll **shipguardian.com** for important security alerts, end-of-life notices, and product announcements, then surface them as wp-admin notices. This feature is **OFF by default** and is only activated when you explicitly tick **Receive important CoverMyOrder updates** under **CoverMyOrder → Settings → Data & privacy**. No outbound network calls happen until you opt in.

**When a connection is made (only after opt-in):**

* Once per day — your site fetches the latest message list (read-only HTTP GET).
* Once per week — your site sends a small "heartbeat" so we know it is still alive.
* On notice dismiss / CTA click — your site sends a single non-blocking ping with the message ID.

**Endpoint:** `https://shipguardian.com/wp-json/sg-hub/v1/`

**What data is sent:** plugin version, WordPress version, PHP version, WooCommerce version, locale, best-effort country code, and your site URL. Note that the hub stores a SHA-256 hash of the site URL for analytics in addition to the raw URL for operator-facing diagnostics.

**What is never sent:** customer records, order details, claim data, evidence files, email addresses, IP addresses, or anything related to your store's protected orders.

**How to revoke consent:** untick the same checkbox. The plugin clears its WP-Cron schedule the moment the option is turned off, and the in-admin notices stop appearing on the next page load.

* CoverMyOrder [Privacy Policy](https://shipguardian.com/privacy)

== Screenshots ==

1. **Dashboard** — KPIs (fees collected, active claims, reserve balance, loss ratio), sparkline charts, and traffic-light health indicator.
2. **Claims queue** — status chips, search, overdue badge, and one-click approve & refund.
3. **Claim detail** — evidence gallery, customer risk profile sidebar, carrier tracking timeline, and resolution panel.
4. **Checkout widget** — customer opt-in toggle with plan name, fee, and coverage description.
5. **Setup wizard** — three-step onboarding: plan picker, badge preview, webhook configuration.
6. **Branding settings** — live badge preview with theme picker and text overrides.
7. **Reserve ledger** — running balance with collection and payout line items.
8. **wp-admin home widget** — "CoverMyOrder At a Glance" KPIs surfaced on the default WordPress dashboard.

== Changelog ==

= 1.5.3 =
* Security: email subjects now sanitized with `sanitize_text_field()` to strip line breaks and prevent SMTP header injection.
* Security: `wp_mail()` recipient now validated via `is_email()`; invalid addresses logged and dropped instead of attempted.
* Fix: uninstall cleanup now reads the correct option key (`covermyorder_preserve_data_on_uninstall`) and defaults to **preserve**, so the merchant's "Keep data on uninstall" toggle is honored and missing-option states fail safe.

= 1.4.0 =
* New: optional CoverMyOrder Hub integration — receive important security alerts, EOL notices, and product announcements as in-admin notices. **OFF by default**; opt in under **CoverMyOrder → Settings → Data & privacy** ("Receive important CoverMyOrder updates").
* New: per-user dismissal of Hub notices (each operator sees a notice once).
* New: anonymous weekly heartbeat (plugin/WP/PHP/WC versions, locale, country) — only when the Hub feature is opted in.
* Privacy: the Third-Party Services section now documents the Hub endpoint, what is sent, when, and how to revoke consent.
* Cron: a new `weekly` interval is registered on `cron_schedules` while the Hub feature is enabled.

= 1.1.0.2 =
* Major rework for WordPress.org Plugin Directory submission.
* All previously-gated features unlocked or removed; free plugin contains zero "Pro-only" code paths.
* New "Upgrade to Premium" tab markets the separate premium add-on without locking any code in the free plugin.
* Added "CoverMyOrder — At a Glance" wp-admin dashboard widget.
* Freemius integration set to `is_org_compliant: true`.
* All inline `<script>` tags converted to `wp_add_inline_script()`.
* All 21 nonce verifications wrapped in `sanitize_text_field( wp_unslash( ... ) )`.
* `$_SERVER` superglobal access sanitized.
* All `__()` calls now use literal string arguments for gettext extraction.
* `move_uploaded_file()` replaced with `wp_handle_upload()` for evidence files.
* Error log relocated from uploads root to plugin-specific subdirectory.
* Removed `load_plugin_textdomain()` (no longer required for WP.org plugins).
* AfterShip Privacy/ToS URLs corrected.
* Author updated to plugin owner.

= 1.1.0.1 =
* Internal cleanup release.

== Upgrade Notice ==

= 1.4.0 =
Adds an optional in-admin updates channel (off by default, opt-in under Settings → Data & privacy). No behaviour changes for existing users until opted in.

= 1.1.0.2 =
Major release prepared for WordPress.org Plugin Directory submission. Recommended for all users.
