=== Heartly – Flash Sales for WooCommerce ===
Contributors: heartly, sukramb
Tags: flash sales, countdown timer, sales, discounts, marketing
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.1.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Run flash sales on WooCommerce. Heartly adds countdown timers, checkout redirects, and campaign analytics — no code required.

== Description ==

**Heartly** connects your WooCommerce store to the Heartly flash sales platform. Create time-limited sales with countdown timers, automatic checkout redirects, and real-time analytics — all from the Heartly dashboard.

= What this plugin does =

* **Automatic checkout redirect**: Customers who click "Go to Checkout" on a Heartly flash sale land directly on your checkout page with the product in their cart
* **Coupon application**: Discount codes from flash sale URLs are automatically applied at checkout
* **Order tracking**: Flash sale ID is saved to each order so you can measure campaign revenue
* **Price history sync**: Product price changes are forwarded to Heartly for PAngV compliance tracking
* **Settings sync**: Your checkout and cart URLs are kept in sync with the Heartly platform automatically

= Who this is for =

WooCommerce store owners who want to run flash sales without touching code. You create the campaign in the Heartly dashboard, install this plugin once, and it handles the storefront logic.

= Requirements =

* A Heartly account — sign up at [heartly.io](https://www.heartly.io)
* WooCommerce 5.0 or higher
* WordPress 5.8 or higher
* PHP 7.4 or higher

== Installation ==

**Option A — Install directly from WordPress (recommended)**

1. Go to WordPress Admin → Plugins → Add New
2. Search for "Heartly"
3. Click **Install Now**, then **Activate**
4. Go to WooCommerce → Heartly to confirm the connection

**Option B — From your Heartly dashboard**

1. Sign up or log in at [heartly.io](https://www.heartly.io)
2. Follow the WooCommerce onboarding — it generates a one-click install link for your store
3. Click the link, install and activate the plugin
4. The connection is established automatically

== Frequently Asked Questions ==

= Do I need a Heartly account? =

Yes. This plugin is the WooCommerce-side bridge for the Heartly platform. Without a Heartly account the plugin has no effect. You can sign up free at [heartly.io](https://www.heartly.io).

= Will this affect my normal WooCommerce functionality? =

No. The checkout redirect and coupon logic only activates when a customer arrives via a Heartly flash sale URL (URL contains `flash_sale_id` or `heartly=1`). All standard WooCommerce behavior is unchanged.

= Can I disable the auto-redirect to checkout? =

Yes. Go to WooCommerce → Heartly and uncheck **Auto-Redirect to Checkout**.

= What data is sent to Heartly? =

When the plugin is active and connected, the following data is sent to heartly.io:

* Your store's checkout and cart URLs (on activation and once every 24 hours)
* Product price changes (used for PAngV compliance price history)
* Order metadata when a purchase originates from a Heartly flash sale (flash sale ID only)
* A deactivation signal when the plugin is deactivated

No customer personal data (name, email, address) is ever sent to Heartly.

= Is this GDPR compliant? =

Yes. The plugin does not collect or transmit customer personal data. Order tracking only stores the internal Heartly flash sale ID as order metadata. A GDPR data exporter and eraser are included for completeness.

== External Services ==

This plugin connects to the **Heartly** platform (heartly.io) to function. The following external API calls are made:

**heartly.io** — [Terms of Service](https://www.heartly.io/terms) | [Privacy Policy](https://www.heartly.io/legal/privacy)

| When | What is sent | Endpoint |
|------|-------------|----------|
| Plugin activation / daily | Checkout URL, cart URL, locale, plugin version | `heartly.io/api/woocommerce/settings/sync` |
| Product price saved | Product ID, prices, variations | `heartly.io/api/webhooks/woocommerce/product-updated` |
| Order placed via flash sale | Flash sale ID (order metadata) | Stored locally — no external call at checkout |
| Plugin deactivated | Shop URL, timestamp | `heartly.io/api/webhooks/woocommerce/deactivate` |

All requests use HMAC-SHA256 signatures for authentication. No customer personal data is transmitted.

== Screenshots ==

1. The Heartly dashboard — create and manage flash sales
2. Flash sale countdown timer on your WooCommerce storefront
3. Plugin settings page under WooCommerce → Heartly

== Changelog ==

= 1.1.5 - 2026-06-10 =
* Fixed: Plugin Check errors — replaced parse_url() with wp_parse_url() in settings sync, added translators comment to GDPR eraser message
* Fixed: Plugin Check warnings — documented intentional cases for storefront query inspection (read-only) and GDPR meta_query (Privacy Tools only) with inline phpcs:ignore annotations

= 1.1.4 - 2026-06-10 =
* Fixed: Fatal error on activation in the WordPress.org build — get_shop_url() was removed together with the updater code but is required by the settings sync. The method now lives outside the updater block.

= 1.1.3 - 2026-05-30 =
* Security: REST `/heartly/v1/status` endpoint now uses `__return_true` permission callback. The endpoint returns only plugin status and version (intentionally public, no PII or fingerprinting); the previous header-presence check was security theatre and has been removed.

= 1.1.2 - 2026-05-21 =
* Updated: Declared Tested up to WordPress 7.0

= 1.1.1 - 2026-05-21 =
* Fixed: Plugin URI now resolves to the public WooCommerce plugin landing page
* Fixed: Terms of Service link in readme now resolves to the canonical /terms page
* Updated: Contributors list now reflects all WordPress.org committers

= 1.1.0 - 2026-04-01 =
* Added: PAngV-compliant price history ingestion (save_post_product, updated_post_meta, woocommerce_update_product_variation hooks)
* Added: HEARTLY_WPORG_BUILD constant support — disables custom updater when running as a WP.org-distributed plugin
* Improved: Variation price changes now walk up to the parent product for complete payload

= 1.0.27 - 2026-03-25 =
* Updated: Declared Tested up to WordPress 6.9.4 and WC tested up to 10.6.1

= 1.0.26 - 2026-03-24 =
* Fixed: QIT Security false positives by sanitizing request params before checks
* Fixed: REST /heartly/v1/status uses a dedicated permission callback

= 1.0.25 - 2026-03-24 =
* Updated: Declared Tested up to WordPress 6.9 and WC tested up to 10.6

= 1.0.24 - 2026-03-24 =
* Fixed: WooCommerce QIT Security — logging uses WooCommerce logger; admin UI uses proper escaping

= 1.0.23 - 2026-03-24 =
* Fixed: Auto-redirect only runs for Heartly flash-sale URLs, not standard add-to-cart
* Fixed: Settings/webhook sync messages no longer write to PHP error log unless HEARTLY_DIAGNOSTIC is enabled

= 1.0.22 - 2026-03-24 =
* Fixed: WooCommerce dependency check and admin notice load order
* Fixed: Settings checkbox saves correctly when auto-redirect is disabled

= 1.0.11 - 2025-12-04 =
* Removed: Manual webhook registration button
* Improved: Webhooks registered automatically during OAuth connection

= 1.0.0 - 2025-01-25 =
* Initial release

== Upgrade Notice ==

= 1.1.0 =
Adds PAngV price history tracking. Update recommended for all EU merchants.
