=== TejCart ===
Contributors: tejcart
Tags: ecommerce, shopping cart, store, payments, digital downloads
Requires at least: 6.3
Tested up to: 6.8
Requires PHP: 8.2
Stable tag: 1.0.1
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A modern shopping cart for WordPress.

== Description ==

TejCart is a shopping cart plugin for WordPress. Sell physical goods, digital downloads, or services with products, cart, checkout, orders, customers, coupons, taxes, and shipping all in one place.

= Features =

* Simple, variable, digital, grouped, external, and bundle products
* AJAX shopping cart with persistent storage for logged-in users
* Single-page checkout with guest checkout
* Multiple payment options including cards, digital wallets, and Pay Later
* Order management with refunds and invoices
* Customer accounts with order history
* Coupons, taxes, and shipping zones
* Transactional emails with template overrides
* Digital downloads with secure delivery URLs
* CSV import / export
* REST API and WP-CLI commands
* Gutenberg blocks for cart, checkout, and account pages

= Requirements =

* WordPress 6.3 or later
* PHP 8.2 or later
* HTTPS enabled

== Installation ==

1. Upload the `tejcart` folder to the `/wp-content/plugins/` directory, or install the plugin through the **Plugins > Add New** screen in WordPress.
2. Activate the plugin through the **Plugins** screen.
3. Visit **TejCart > Setup Wizard** in the WordPress admin to configure currency, store address, payment methods, shipping zones, and tax preferences.
4. Connect a PayPal account from **TejCart > Settings > Payments** to start accepting payments.
5. Add your first product under **TejCart > Products > Add New**.

The Setup Wizard is optional — every setting it touches is also available under **TejCart > Settings**.

== Frequently Asked Questions ==

= Does TejCart work with any WordPress theme? =

Yes. TejCart uses standard WordPress hooks and works with any properly coded theme.

= Can I sell digital products? =

Yes. TejCart supports digital and downloadable products with secure, time-limited download URLs.

= Does TejCart store credit-card data? =

No. TejCart never accepts or stores raw card numbers, CVV codes, or expiry dates. Card data is tokenised in the buyer's browser by PayPal's hosted fields (PPCP), and only opaque references — capture IDs, payer IDs, and vault tokens — ever reach your database. Vault tokens used for saved payment methods are encrypted at rest with AES-256-GCM. Your store does not enter PCI DSS scope beyond SAQ A.

== Screenshots ==

1. The cart page with a discount applied and the free-shipping progress bar.
2. The single-page checkout with PayPal Smart Buttons, hosted card fields, and Pay Later.
3. The admin orders list with quick filters and bulk actions.
4. The product editor for a variable product with attributes and variations.
5. The Setup Wizard guiding a new merchant through currency, payments, and shipping.
6. The reports dashboard showing revenue, orders, items sold, and coupons used.

== External Services ==

TejCart connects to the external services below to provide payment processing and merchant onboarding. Data is only sent when the corresponding feature is actively used.

= PayPal =

When a shopper checks out, or a merchant refunds, captures, or voids a transaction, TejCart calls PayPal's REST API at `https://api-m.paypal.com` (live) or `https://api-m.sandbox.paypal.com` (sandbox). Order totals, line items, billing and shipping addresses, and buyer contact information are sent as part of the checkout flow. The plugin also loads the PayPal JavaScript SDK from `https://www.paypal.com/sdk/js` and the partner-onboarding lightbox from `https://www.paypal.com/webapps/merchantboarding/js/lib/lightbox/partner.js` on the connect screen.

* Service provider: PayPal, Inc.
* Terms of service: https://www.paypal.com/us/legalhub/useragreement-full
* Privacy policy: https://www.paypal.com/us/legalhub/privacy-full

= Google Pay =

When the merchant enables Google Pay, the plugin loads Google's Pay JavaScript SDK from `https://pay.google.com/gp/p/js/pay.js` on the cart and checkout pages so the Google Pay button can render and tokenize the shopper's card.

* Service provider: Google LLC
* Terms of service: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
* Privacy policy: https://policies.google.com/privacy

= TejCart Partner Onboarding Proxy =

To enable one-click merchant onboarding without shipping partner credentials in the plugin, TejCart calls a proxy at `https://tejcart.com/ppcp-seller-onboarding/seller-onboarding.php`. The proxy is only contacted while a merchant is connecting or disconnecting a payment account. The plugin sends the merchant's WordPress admin email, the environment (sandbox or live), a return URL pointing back to the WordPress admin, and the requested product bundle. No shopper data, order data, or API credentials are sent.

* Service provider: TejCart
* Terms of service: https://tejcart.com/terms-of-service.html
* Privacy policy: https://tejcart.com/privacy-policy.html

= Optional bot-protection providers (disabled by default) =

The captcha providers below are opt-in. They are disabled by default and only become active after the merchant explicitly enables a provider under **TejCart > Settings > Security** and supplies their own site key and secret key. When enabled, the plugin verifies a challenge token on the cart, checkout, login, and registration forms by sending the visitor's IP address and the challenge token to the provider's `siteverify` endpoint.

**hCaptcha** — When enabled, the plugin calls `https://hcaptcha.com/siteverify` to verify a challenge response.

* Service provider: Intuition Machines, Inc. (hCaptcha)
* Terms of service: https://www.hcaptcha.com/terms
* Privacy policy: https://www.hcaptcha.com/privacy

**Cloudflare Turnstile** — When enabled, the plugin calls `https://challenges.cloudflare.com/turnstile/v0/siteverify` to verify a challenge response.

* Service provider: Cloudflare, Inc.
* Terms of service: https://www.cloudflare.com/website-terms/
* Privacy policy: https://www.cloudflare.com/privacypolicy/

**Google reCAPTCHA** — When enabled, the plugin calls `https://www.google.com/recaptcha/api/siteverify` to verify a challenge response.

* Service provider: Google LLC
* Terms of service: https://policies.google.com/terms
* Privacy policy: https://policies.google.com/privacy
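
An added example, not TejCart's own code, of the server-side `siteverify` check described in this section, written so that every error path rejects the request. The function name, the injected `$post` transport, and the sample values are assumptions; inside WordPress the transport would wrap `wp_remote_post()`.

```php
<?php
// Added illustration; not TejCart's code. Names below are hypothetical.
declare(strict_types=1);

// The three endpoints listed in this readme.
const SITEVERIFY_ENDPOINTS = [
    'hcaptcha'  => 'https://hcaptcha.com/siteverify',
    'turnstile' => 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
    'recaptcha' => 'https://www.google.com/recaptcha/api/siteverify',
];

/**
 * Verify a challenge token server-side. Returns true only when the provider
 * answers with an explicit boolean "success": true; anything else fails closed.
 * $post is an injected transport: fn(string $url, array $fields): ?string
 * returning the response body, or null on a network error or timeout.
 */
function verify_challenge(string $provider, string $secret, string $token, string $ip, callable $post): bool
{
    $url = SITEVERIFY_ENDPOINTS[$provider] ?? null;
    if ($url === null || $secret === '' || $token === '') {
        return false; // unknown provider, missing secret key, or no token submitted
    }
    $fields = ['secret' => $secret, 'response' => $token];
    if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
        $fields['remoteip'] = $ip; // optional field for all three providers
    }
    $body = $post($url, $fields);
    if ($body === null) {
        return false; // provider unreachable: reject rather than skip the check
    }
    $json = json_decode($body, true);
    // Strict comparison: a string "true" or a missing key must not pass.
    return is_array($json) && ($json['success'] ?? false) === true;
}

// Constructed transport and values so the example runs offline.
$stub = fn(string $url, array $fields): ?string =>
    $fields['response'] === 'constructed-good-token'
        ? '{"success":true}'
        : '{"success":false,"error-codes":["invalid-input-response"]}';

var_dump(verify_challenge('turnstile', 'constructed-secret', 'constructed-good-token', '203.0.113.7', $stub));
var_dump(verify_challenge('hcaptcha', 'constructed-secret', 'constructed-bad-token', '203.0.113.7', $stub));
var_dump(verify_challenge('recaptcha', 'constructed-secret', 'constructed-good-token', '203.0.113.7', fn() => null));
```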

= Optional bundled-module services (disabled by default) =

TejCart ships several optional modules that are OFF by default. None of them contacts any third party until a merchant turns the module ON under **TejCart > Modules**, enables a specific provider, and enters that provider's own API credentials. Each service below is only contacted when its feature is actively used.

**Live tax providers (Tax module).** When a provider is enabled, TejCart sends the cart/line totals and the order's billing/shipping address to calculate tax at checkout and, where supported, to record the finalised transaction.

* TaxJar — `https://api.taxjar.com` — Terms: https://www.taxjar.com/terms — Privacy: https://www.taxjar.com/privacy-policy
* Avalara AvaTax — `https://rest.avatax.com` — Terms: https://www.avalara.com/us/en/legal/terms.html — Privacy: https://www.avalara.com/us/en/legal/privacy-policy.html
* Stripe Tax — `https://api.stripe.com` — Terms: https://stripe.com/legal/ssa — Privacy: https://stripe.com/privacy

**Carrier shipping rates, labels & tracking (Shipping module).** When a carrier is enabled, TejCart sends the ship-from and destination address, parcel weight/dimensions, and (for labels) order contents when a rate, label, or tracking request is made.

* FedEx — `https://apis.fedex.com` — Terms: https://www.fedex.com/en-us/terms-of-use.html — Privacy: https://www.fedex.com/en-us/trust-center/global-privacy-policy.html
* UPS — `https://onlinetools.ups.com` — Terms: https://www.ups.com/us/en/support/shipping-support/legal-terms-conditions.page — Privacy: https://www.ups.com/us/en/support/shipping-support/legal-terms-conditions/privacy-notice.page
* USPS — `https://apis.usps.com` — Terms: https://www.usps.com/termsofuse.htm — Privacy: https://about.usps.com/who/legal/privacy-policy/welcome.htm
* DHL Express — `https://express.api.dhl.com` — Terms: https://developer.dhl.com/terms-conditions — Privacy: https://www.dhl.com/global-en/home/footer/privacy-notice.html
* Canada Post — `https://soa-gw.canadapost.ca` — Terms: https://www.canadapost-postescanada.ca/cpc/en/our-company/about-us/legal.page — Privacy: https://www.canadapost-postescanada.ca/cpc/en/our-company/about-us/privacy-policy.page
* Australia Post — `https://digitalapi.auspost.com.au` — Terms: https://auspost.com.au/terms-conditions — Privacy: https://auspost.com.au/privacy
* EasyPost — `https://api.easypost.com` — Terms: https://www.easypost.com/legal/terms — Privacy: https://www.easypost.com/privacy
* Shippo — `https://api.goshippo.com` — Terms: https://goshippo.com/terms — Privacy: https://goshippo.com/privacy
* Sendle — `https://api.sendle.com` — Terms: https://www.sendle.com/terms-of-use — Privacy: https://www.sendle.com/privacy
* Delhivery — `https://track.delhivery.com` — Terms: https://www.delhivery.com/terms-and-conditions — Privacy: https://www.delhivery.com/privacy-policy
* Shiprocket — `https://apiv2.shiprocket.in` — Terms: https://www.shiprocket.in/terms-conditions/ — Privacy: https://www.shiprocket.in/privacy-policy/

**Shipment tracking providers (Order Tracking module).** When a provider is enabled, TejCart sends the carrier name and tracking number to fetch delivery status.

* AfterShip — `https://api.aftership.com` — Terms: https://www.aftership.com/terms — Privacy: https://www.aftership.com/privacy
* EasyPost — `https://api.easypost.com` — Terms: https://www.easypost.com/legal/terms — Privacy: https://www.easypost.com/privacy

**Server-side analytics & marketing (Analytics module).** When a destination is connected, TejCart forwards e-commerce events (product views, add-to-cart, checkout, purchase) with order data and, where you configure it, customer contact data (e.g. email, hashed where the provider requires it).

* Google Analytics 4 (Measurement Protocol) — `https://www.google-analytics.com` — Terms: https://marketingplatform.google.com/about/analytics/terms/us/ — Privacy: https://policies.google.com/privacy
* Meta Conversions API — `https://graph.facebook.com` — Terms: https://www.facebook.com/legal/terms — Privacy: https://www.facebook.com/privacy/policy/
* Klaviyo — `https://a.klaviyo.com` — Terms: https://www.klaviyo.com/legal/terms-of-service — Privacy: https://www.klaviyo.com/legal/privacy/privacy-notice
* Mailchimp — `https://<dc>.api.mailchimp.com` — Terms: https://mailchimp.com/legal/terms/ — Privacy: https://www.intuit.com/privacy/statement/

**Sales channels (Channels modules).** When a channel is connected, TejCart syncs your product catalog, inventory, and prices to the marketplace, imports orders, and (where enabled) sends server-side conversion events.

* Amazon Selling Partner API — `https://sellingpartnerapi-na.amazon.com` — Terms: https://developer-docs.amazon.com/sp-api/docs/development-process (Amazon Services Business Solutions Agreement) — Privacy: https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ
* Meta (Facebook & Instagram Shopping) — `https://graph.facebook.com` — Terms: https://www.facebook.com/legal/terms — Privacy: https://www.facebook.com/privacy/policy/
* TikTok Shop & Events API — `https://open-api.tiktokglobalshop.com` and `https://business-api.tiktok.com` — Terms: https://www.tiktok.com/legal/page/global/terms-of-service/en — Privacy: https://www.tiktok.com/legal/page/global/privacy-policy/en

**Multi-currency exchange rates (Currency Switcher module).** When enabled, TejCart requests the latest base→target exchange rate. Only the two ISO 4217 currency codes are sent — no shopper, order, or store data.

* Nexa Plugins exchange-rate API — `https://nexaplugins.com/api/v1/exchange-rate.php` — Service provider: Nexa Plugins — Terms: https://nexaplugins.com/terms-of-service.html — Privacy: https://nexaplugins.com/privacy-policy.html

**AI product-content generation (AI Content SmartSuite module).** When enabled, TejCart sends the product fields you choose (e.g. title, attributes) and your prompt to the AI provider you configure, to generate titles, descriptions, tags, or FAQs. No data is sent until you click generate.

* OpenAI — `https://api.openai.com` — Terms: https://openai.com/policies/terms-of-use — Privacy: https://openai.com/policies/privacy-policy

== Changelog ==

= 1.0.1 =
* Fixed - Design issue in the side cart.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.