=== FontVault for GDPR ===
Contributors: edgar1999
Donate link: https://ko-fi.com/nobler
Tags: gdpr, google fonts, privacy, local fonts, speed
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.2.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Avoid GDPR fines and speed up your site. Automatically downloads Google Fonts to serve them locally with zero configuration.

== Description ==

Website owners are increasingly facing lawsuits and fines in Europe because their WordPress themes and page builders load Google Fonts directly from Google's servers. Doing this leaks your visitors' IP addresses to Google, which is a direct violation of GDPR privacy laws.

**FontVault for GDPR** solves this problem instantly.

Simply activate the plugin, and it will automatically scan your website, find any external Google Fonts, download them to your server, and rewrite your website's HTML to serve them locally. Font files are cached after the first download — subsequent page loads serve fonts directly from your server with no external requests.

Your visitors stay private, your website stays legal, and you get complete peace of mind.

### Why You Will Love This Plugin:

* **Zero Configuration:** Just activate it and you are protected. No complicated settings pages.
* **Page Builder Compatible:** Uses output buffering to catch fonts injected by Elementor, Divi, Beaver Builder, Slider Revolution, and others — even fonts that bypass standard WordPress enqueue hooks.
* **Blocks Preconnects:** Automatically removes `<link rel="preconnect">` tags to ensure zero communication with Google's font servers from visitors' browsers.
* **Speed Boost:** Serving fonts locally (especially with a CDN) improves Core Web Vitals and PageSpeed Insights scores.
* **woff2 Format:** Downloads the highly compressed `.woff2` font format for the best performance.

To learn more about my work, visit [opsionic.com](https://opsionic.com).

== External Services ==

This plugin makes server-side requests to Google's font services to download CSS and font files. These requests are made **from your server only** — not from your visitors' browsers. No visitor IP addresses or personal data are transmitted to Google.

**Google Fonts API** (`fonts.googleapis.com`)
Used once per unique font URL to download the Google Fonts CSS stylesheet (font-family declarations and @font-face rules). The CSS is then cached locally. No visitor data is sent.

* [Google Terms of Service](https://policies.google.com/terms)
* [Google Privacy Policy](https://policies.google.com/privacy)

**Google Fonts Static Hosting** (`fonts.gstatic.com`)
Used once per font file to download the actual `.woff2` font files referenced in the CSS. Files are saved to your server's uploads directory. No visitor data is sent.

* [Google Terms of Service](https://policies.google.com/terms)
* [Google Privacy Policy](https://policies.google.com/privacy)

After the initial download and caching, this plugin makes no further external requests for those fonts.

== Installation ==

1. Upload the `fontvault-for-gdpr` directory to your `/wp-content/plugins/` directory, or install it directly through the WordPress plugins screen.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. You're done! Your website is now protected.
4. (Optional) Visit **Settings > GDPR Fonts** to view your protection status or clear the font cache if you change your theme.

== Frequently Asked Questions ==

= Do I need to configure anything? =
No. The moment you click "Activate," the plugin goes to work. It handles downloading and rewriting the CSS automatically.

= Will this break my website design? =
No. Your website will look exactly the same. The only difference is that fonts now load from your own server instead of Google's.

= I changed my theme's font, but it's not updating on the live site. What do I do? =
Go to **Settings > GDPR Fonts** in your WordPress dashboard and click "Clear Local Font Cache". The plugin will download your new fonts on the next page load.

= Is this truly GDPR compliant? =
By routing all font files through your own server, your visitors' IP addresses are never sent to Google, addressing the primary cause of GDPR font-related fines. For full legal compliance always consult a legal professional for your specific situation.

= Does the plugin contact Google on every page load? =
No. Fonts are downloaded and cached locally on the first page load. All subsequent requests are served from your own server with no external connections.

== Screenshots ==

1. The clean, simple settings page that confirms you are protected.

== Changelog ==

= 1.2.0 =
* Updated Author URI to opsionic.com.

= 1.1.0 =
* Renamed plugin to "FontVault for GDPR" for distinctiveness per WordPress.org guidelines.
* Added External Services section to readme documenting Google Fonts API usage.
* Fixed: output buffer is now explicitly closed via the `shutdown` hook.
* Replaced direct file_put_contents() calls with WP_Filesystem.
* Replaced glob() in clear_directory() with WP_Filesystem::dirlist().
* Added i18n support throughout admin UI strings.

= 1.0.0 =
* Initial release.
