=== Streamline Connect ===
Contributors: sebaponce
Tags: voiceflow, chatbot, ai
Requires at least: 5.0
Tested up to: 6.8
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect your Voiceflow AI assistants to WordPress with ease.

== Description ==

Streamline Connect is a WordPress plugin that allows you to seamlessly integrate your Voiceflow AI assistants into your WordPress website. The plugin provides a simple interface to manage your assistants and their configurations.

= Features =

* Connect multiple Voiceflow AI assistants
* Manage assistant configurations
* License management system
* Easy-to-use admin interface

== Security Features ==

StreamlineConnect implements comprehensive security measures to protect your WordPress site:

**Nonce Protection:**
* All AJAX requests require valid WordPress nonces for verification
* Process page access requires assistant-specific nonces for enhanced security
* Fresh nonce generation system prevents replay attacks
* Different nonce actions for different functionality (payments, licenses, admin operations)

**Permission Validation:**
* All administrative functions require 'manage_options' capability
* User authentication required for payment processing
* Database operations are restricted to authorized users only
* Rate limiting on data processing endpoints (10 requests per minute per user)

**Input Sanitization:**
* All user inputs are sanitized using WordPress standards
* Recursive sanitization for complex data structures
* SQL injection prevention through prepared statements
* XSS protection on all output

**Performance Security:**
* Security checks only run when necessary to prevent performance degradation
* Early exit strategies for non-plugin pages
* Conditional nonce validation based on operation type
* Transient caching for rate limiting

**Data Protection:**
* All database queries use WordPress prepared statements
* Sensitive operations require multiple validation layers
* Assistant IDs validated against database before operations
* Domain validation for local development detection

== External Services ==

This plugin connects to external third-party services to provide AI assistant functionality, subscription management, and payment processing. Below is a comprehensive disclosure of all external services used:

**1. Streamline Services API (wp-api.streamline.services)**
- **Purpose:** Core subscription management, license validation, billing processing, and AI assistant interaction routing
- **What data is sent:** 
  - Domain name and website URL
  - User information (first name, last name, email address)
  - Billing address information (street address, city, state, postal code, country)
  - Payment information (processed securely, not stored by plugin)
  - License keys and subscription status
  - AI assistant configuration data and interaction logs
- **When data is sent:**
  - During subscription creation and management
  - License activation and periodic validation checks
  - Every AI assistant interaction and conversation
  - Billing status verification (automatic background checks)
- **Service Provider:** Streamline Services
- **Privacy Policy:** [https://streamline.services/privacy](https://streamline.services/privacy)
- **Terms of Service:** [https://streamline.services/terms](https://streamline.services/terms)

**Specific API Endpoints:**
- `https://wp-api.streamline.services/api/subscriptions` - Create and manage subscription plans
- `https://wp-api.streamline.services/api/subscriptions/by-domain` - Check subscription status by domain
- `https://wp-api.streamline.services/api/voiceflow/trigger` - Process AI assistant interactions

**2. Voiceflow API (voiceflow.com)**
- **Purpose:** AI conversation processing and chatbot response generation (accessed through Streamline Services proxy)
- **What data is sent:**
  - User messages and conversation history
  - Assistant API keys and configuration
  - Session data and conversation context
- **When data is sent:** Every time a user interacts with an AI assistant
- **Service Provider:** Voiceflow Inc.
- **Privacy Policy:** [https://www.voiceflow.com/privacy](https://www.voiceflow.com/privacy)
- **Terms of Service:** [https://www.voiceflow.com/terms](https://www.voiceflow.com/terms)

**Data Processing Notes:**
- All data transmission occurs over secure HTTPS connections
- User interaction data is processed to provide AI responses and improve service quality
- Billing information is handled securely and not permanently stored by the plugin
- License validation occurs automatically to ensure service compliance
- No sensitive WordPress database information is transmitted to external services

== Installation ==

1. Upload the `streamlineconnect` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to the Streamline Connect settings page to configure your assistants

== Frequently Asked Questions ==

= How do I get my Voiceflow API key? =

You can obtain your API key from the Voiceflow dashboard under the Integrations tab.

= Can I use multiple assistants? =

Yes, you can connect and manage multiple Voiceflow AI assistants through the plugin.

== Changelog ==

= 1.0.0 =
* Initial release

== Upgrade Notice ==

= 1.0.0 =
Initial release 