=== Abmahn-Shield ===
Contributors: abmahnshield
Tags: abmahnung, dsgvo, gdpr, impressum, compliance
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.0.6
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your WooCommerce store from German legal compliance risks. Automated check for imprint, privacy policy, cookie banner, terms, and more.

== Description ==

**Abmahn-Shield** checks your WooCommerce shop for the most common cease-and-desist (Abmahnung) risks in German e-commerce:

= Free Quick-Scan =

* Imprint (Impressum) present and linked in the footer?
* Privacy policy present and linked?
* Terms and conditions (AGB) page configured?
* Right-of-withdrawal notice present?
* Shipping information present?
* Google Fonts loaded from an external server? (BGH ruling 2022)
* Tracking scripts loaded without cookie consent?
* Unit price (PAngV) plugin active?

= Deep-Scan (optional, 9,90 EUR one-time) =

* AI-assisted analysis of the complete HTML code
* Imprint content check (are mandatory fields missing?)
* GDPR conformity of the privacy policy
* Cookie banner functional test
* BFSG accessibility check (21+ WCAG 2.1 AA rules)
* Estimated amount in dispute per violation
* Prioritized fix recommendations

= Legal basis =

Based on current case law (BGH, CJEU) and statute law:

* DDG §5 (imprint obligation)
* GDPR Art. 13 (privacy policy)
* TDDDG §25 (cookie consent)
* §355 BGB (right of withdrawal)
* PAngV (unit price labeling)
* BFSG (Accessibility Strengthening Act, in force from June 2025)
* BGH Google Fonts ruling 2022

= Note =

This is a technical compliance assessment, not legal advice within the meaning of the RDG (German Legal Services Act). For a legally binding review, please consult a specialist lawyer.

== Installation ==

1. Upload the plugin or install it from the WordPress plugin directory.
2. Activate the plugin under "Plugins".
3. Go to WooCommerce > Abmahn-Shield.
4. Click "Jetzt scannen" to run the free Quick-Scan.

== Frequently Asked Questions ==

= Is customer data transmitted? =

No. The Quick-Scan runs entirely locally within your WordPress installation. During the Deep-Scan only your shop's URL is transmitted to the Abmahn-Shield server. Customer, order, or product data is never transmitted.

= Does the plugin also work without WooCommerce? =

No. Abmahn-Shield is built specifically for WooCommerce shops and checks WooCommerce-specific settings such as the terms and conditions page and unit price plugins.

= What does the plugin cost? =

The plugin and the Quick-Scan are free. The optional Deep-Scan costs a one-time 9,90 EUR (no subscription).

== Screenshots ==

1. Quick-Scan results with risk overview
2. Deep-Scan upsell with feature overview

== External services ==

This plugin connects to the Abmahn-Shield API to perform Deep-Scans and process payments. The Quick-Scan runs entirely locally within your WordPress installation and does not send any data to external servers.

= Abmahn-Shield API (Deep-Scan) =

When you initiate a Deep-Scan, the plugin sends your shop's URL to the Abmahn-Shield API for a comprehensive compliance analysis. No customer data, order data, or product data is ever transmitted.

* **What data is sent:** Your shop's URL (home_url), your admin email address (for account registration and scan result delivery), and the scan ID.
* **When data is sent:** Only when you explicitly click "Deep-Scan starten" or "Jetzt kaufen" in the plugin admin page.
* **Service provider:** Abmahn-Shield, Dennis Stahlhut, Holsen 7a, 59075 Hamm, Germany.
* **API endpoints used:**
  * `https://abmahn-shield.de/api/wc/register` — One-time site registration. Called only on the first Deep-Scan or first Deep-Scan checkout (never during the local Quick-Scan).
  * `https://abmahn-shield.de/api/wc/scan` — Sends the shop URL for Deep-Scan analysis.
  * `https://abmahn-shield.de/api/wc/checkout` — Initiates the payment process for the Deep-Scan report.
* **Terms of service:** [https://abmahn-shield.de/agb](https://abmahn-shield.de/agb)
* **Privacy policy:** [https://abmahn-shield.de/datenschutz](https://abmahn-shield.de/datenschutz)

= Stripe (Payment Processing) =

When you purchase a Deep-Scan report, the payment is processed by Stripe. The plugin does not handle any payment credentials directly. You are redirected to Stripe's secure payment page.

* **What data is sent:** Your email address and the scan ID are passed to Stripe via the Abmahn-Shield API to create a payment session.
* **When data is sent:** Only when you click "Jetzt kaufen" to purchase a Deep-Scan report.
* **Service provider:** Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
* **Terms of service:** [https://stripe.com/de/legal/consumer](https://stripe.com/de/legal/consumer)
* **Privacy policy:** [https://stripe.com/de/privacy](https://stripe.com/de/privacy)

= Local-only pattern matching (no external connections) =

The Quick-Scan analyzes your shop's HTML output **locally within WordPress** to identify whether common third-party tracking scripts or font CDNs are loaded by your theme or other plugins. The plugin performs string comparisons against well-known domain names but **does not connect to, transmit data to, or otherwise interact with** any of these services. The domain names below appear in the plugin source code (`includes/class-scanner.php`) only as literal string arguments to PHP's `strpos()` function.

We document them here together with their terms and privacy policies so that you, as the shop operator, can make an informed compliance decision if the Quick-Scan reports that any of these scripts are present on your store.

* **Google Fonts CDN** — detected domains: `fonts.googleapis.com`, `fonts.gstatic.com`
  * Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  * Terms: [https://policies.google.com/terms](https://policies.google.com/terms)
  * Privacy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
* **Google Analytics / Google Tag Manager** — detected domains: `google-analytics.com`, `googletagmanager.com` (and `gtag(` function call)
  * Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  * Terms: [https://policies.google.com/terms](https://policies.google.com/terms)
  * Privacy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
* **Meta Pixel (Facebook)** — detected domains: `connect.facebook.net`, `facebook.com/tr` (and `fbevents.js`)
  * Service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  * Terms: [https://www.facebook.com/legal/terms](https://www.facebook.com/legal/terms)
  * Privacy: [https://www.facebook.com/privacy/policy](https://www.facebook.com/privacy/policy)
* **TikTok Pixel** — detected domain: `tiktok.com/i18n/pixel`
  * Service: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
  * Terms: [https://www.tiktok.com/legal/page/eea/terms-of-service/en](https://www.tiktok.com/legal/page/eea/terms-of-service/en)
  * Privacy: [https://www.tiktok.com/legal/page/eea/privacy-policy/en](https://www.tiktok.com/legal/page/eea/privacy-policy/en)
* **Hotjar** — detected domain: `hotjar.com`
  * Service: Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.
  * Terms: [https://www.hotjar.com/legal/policies/terms-of-service/](https://www.hotjar.com/legal/policies/terms-of-service/)
  * Privacy: [https://www.hotjar.com/legal/policies/privacy/](https://www.hotjar.com/legal/policies/privacy/)
* **Microsoft Clarity** — detected domain: `clarity.ms`
  * Service: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
  * Terms: [https://www.microsoft.com/legal/terms-of-use](https://www.microsoft.com/legal/terms-of-use)
  * Privacy: [https://privacy.microsoft.com/privacystatement](https://privacy.microsoft.com/privacystatement)

To repeat: **the plugin does not connect to, request from, or send any data to the services listed above.** These domain strings exist only to recognize when those services are already embedded by the shop operator's theme or other plugins, so the Quick-Scan can warn about consent-related compliance risks under TDDDG §25 and GDPR Art. 6.
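The following PHP snippet is an added example of the local pattern-matching approach described above; it is not code from the plugin's `includes/class-scanner.php`, and the function names (`abmahn_example_signatures`, `abmahn_example_scan_html`) and the sample HTML are constructed for illustration. It reads the domain strings listed above, compares them against a page's HTML with pure string functions, and makes no network request of any kind.

```php
<?php
// Added example (not the plugin's own code): local, offline pattern matching of
// third-party tracking/font domains in a page's HTML, in the style the readme
// describes. Function and variable names here are illustrative assumptions.

declare(strict_types=1);

/**
 * Signatures to look for. Each entry maps a human-readable service name to the
 * literal substrings documented in the readme's "External services" section.
 * No network request is made; the strings are compared against HTML only.
 */
function abmahn_example_signatures(): array {
    return [
        'Google Fonts CDN'                      => ['fonts.googleapis.com', 'fonts.gstatic.com'],
        'Google Analytics / Google Tag Manager' => ['google-analytics.com', 'googletagmanager.com', 'gtag('],
        'Meta Pixel (Facebook)'                 => ['connect.facebook.net', 'facebook.com/tr', 'fbevents.js'],
        'TikTok Pixel'                          => ['tiktok.com/i18n/pixel'],
        'Hotjar'                                => ['hotjar.com'],
        'Microsoft Clarity'                     => ['clarity.ms'],
    ];
}

/**
 * Scan raw HTML for the signatures above. Returns an array keyed by service
 * name; each value lists the matched substring and the 1-based line number of
 * its first occurrence, so the shop operator can locate the embedding tag.
 *
 * stripos() is used instead of strpos() so that mixed-case markup
 * (e.g. "Fonts.Googleapis.com") is still caught; HTML comments are stripped
 * first so that a commented-out tag does not produce a false positive.
 */
function abmahn_example_scan_html(string $html): array {
    $stripped = preg_replace('/<!--.*?-->/s', '', $html) ?? $html;
    $lines    = preg_split('/\R/', $stripped) ?: [];
    $findings = [];

    foreach (abmahn_example_signatures() as $service => $needles) {
        foreach ($needles as $needle) {
            foreach ($lines as $index => $line) {
                if (stripos($line, $needle) !== false) {
                    $findings[$service][] = ['pattern' => $needle, 'line' => $index + 1];
                    break; // report only the first line per pattern
                }
            }
        }
    }
    return $findings;
}

// Constructed sample HTML (not captured from any real shop) to exercise the scanner.
$sampleHtml = <<<'HTML'
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<!-- <script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script> -->
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
</head><body><p>Hello</p></body></html>
HTML;

foreach (abmahn_example_scan_html($sampleHtml) as $service => $hits) {
    foreach ($hits as $hit) {
        printf("%s: '%s' found on line %d\n", $service, $hit['pattern'], $hit['line']);
    }
}
```

Run it with `php scan-example.php`. In the constructed sample, the Google Fonts stylesheet and the Meta Pixel loader are reported, while the commented-out Tag Manager tag is not, because comments are removed before matching. A match only means the domain string is present in the markup; it does not tell you whether the theme or plugin loads that script before or after consent, so a finding is a prompt to check the consent flow, not a verdict on it.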

== Changelog ==

= 1.0.6 =
* Privacy: Removed the implicit site-key registration call from the local Quick-Scan. The Quick-Scan is now strictly local and performs zero outbound HTTP requests to Abmahn-Shield servers. Site registration only happens on the first Deep-Scan (which is an explicit, opt-in user action triggered by clicking "Deep-Scan starten" or "Jetzt kaufen"). Readme "External services" entry for `/api/wc/register` updated to reflect this.

= 1.0.5 =
* Readme: extended "External services" section to explicitly document all third-party domains referenced in the local pattern-matching scanner (Google Fonts, Google Analytics/GTM, Meta Pixel, TikTok Pixel, Hotjar, Microsoft Clarity). Each entry now includes the provider, terms of service, and privacy policy URL. No code changes; the plugin still does not connect to any of these services.
* Pricing: Deep-Scan price reduced from 14,90 EUR to 9,90 EUR (single one-time charge, still no subscription). Admin UI label updated accordingly.

= 1.0.4 =
* Readme: short description rewritten in English per WordPress.org guidelines
* Readme: reduced tags to 5 (within plugin directory limit)

= 1.0.3 =
* Security: Removed unused public REST endpoint `/webhook/stripe` that lacked Stripe signature verification. Stripe webhooks are handled exclusively by the Abmahn-Shield API server (with full signature verification); the plugin no longer exposes a webhook receiver.
* Removed unused `/payment-status` REST endpoint (no consumers in the plugin UI).

= 1.0.2 =
* Payment provider switched from Mollie to Stripe
* Readme: external services documentation for Stripe instead of Mollie (valid ToS and privacy URLs)
* Internal webhook routing adjusted accordingly

= 1.0.1 =
* External services documentation added to readme.txt
* Plugin URI updated to working landing page

= 1.0.0 =
* First release
* Quick-Scan: imprint, privacy policy, terms and conditions, withdrawal, shipping, Google Fonts, trackers, PAngV
* Deep-Scan integration via the Abmahn-Shield API
* Stripe payment for Deep-Scan
* WordPress admin page under the WooCommerce menu

== Upgrade Notice ==

= 1.0.6 =
Privacy fix: the Quick-Scan no longer triggers any background site registration with Abmahn-Shield servers. Site registration is now strictly opt-in via the Deep-Scan flow.

= 1.0.5 =
External-services documentation extended (per-domain terms/privacy links) and Deep-Scan price reduced to 9,90 EUR.

= 1.0.4 =
Readme cleanup for WordPress.org plugin directory compliance (English short description, tag limit).

= 1.0.3 =
Security fix: removed an unused public REST endpoint to harden payment-status handling.

= 1.0.2 =
Payment provider switched to Stripe, external services documentation updated.

= 1.0.1 =
Readme update: external services documentation for WordPress.org compliance.

= 1.0.0 =
First release of Abmahn-Shield for WooCommerce.
