Follow-up to #788 / #790. Those PRs added the opt-in tracking consent plumbing and moved the toggle to Settings → General → Privacy. This issue captures everything else we agreed on but didn't ship in those PRs.
1. Notice visibility on plugin activation
Right now the admin notice only appears on WooCommerce POS admin screens. Users who activate the plugin and never navigate there miss it.
- Set a transient on plugin activation (
register_activation_hook) flagging "consent prompt needed".
- While that transient is live (7 days), show the notice on a broader screen allowlist: the plugins list, dashboard, and all WooCommerce admin screens — not just WCPOS screens.
- Dismissing the notice (accept, decline, or explicit dismiss) clears the transient.
2. Inline callout on Settings → General → Privacy
When tracking_consent === 'undecided' and the user lands on Settings → General, render a small inline callout above the Privacy section prompting them to make a choice. Gives users who closed the admin notice a second chance to see it in context.
3. Rewritten notice copy (friendly, all three data categories)
Replace the current admin-notice copy with the approved disclosure. Copy agreed with product:
Help us make WCPOS better
If you're happy to, WCPOS can send us some anonymous information about how the plugin is being used. It really helps us decide what to build next.
Here's what that includes:
- Your setup — things like your PHP and WooCommerce versions, your country, and your currency, so we know what environments to support.
- Your store size — roughly how many products, orders, and POS users you have, so we understand the kinds of stores using WCPOS.
- How you use WCPOS — which screens you open and which features you turn on, so we can focus on what people actually use.
We never look at customer details, order contents, prices, your site address, or anything that could identify you or your customers. You can change your mind any time in POS → Settings → General → Privacy.
The same copy (or a condensed version) should appear as the description on the Settings → Privacy section.
4. Privacy page on wcpos.com
Publish a public privacy page on wcpos.com covering:
- What's collected (the three categories above, plus the pseudonymous site/user IDs that make event grouping work)
- Why it's collected
- Where it's sent (self-hosted PostHog)
- Retention policy
- How to opt out
Link to this page from the admin notice and the Settings → Privacy section. (Required for GDPR defensibility — the in-plugin copy is intentionally light, the public page carries the full disclosure.)
5. PostHog instrumentation scope
When implementing the actual telemetry, ship these three categories and nothing else:
Environment fingerprint
- PHP version, WP version, WC version, MySQL version, server OS family
- Locale, timezone, WC country, WC currency
- Multisite yes/no, HPOS enabled yes/no
- WCPOS version + edition (Free/Pro)
Store profile (banded, not exact)
days_since_install- Product count bucket (1–10, 11–100, 101–1000, 1000+)
- Order count bucket (same banding)
- POS user count
- Number of active payment gateways (count only, not names)
- Tax enabled yes/no, multi-currency yes/no
WCPOS feature usage
- Which WCPOS admin screens are opened and how often
- Binary flags: cashier accounts, decimal qty, POS-only products, custom barcode field
- Upgrade-to-Pro button impressions + clicks (critical for funnel optimisation)
- License activation attempts + outcomes
- Settings changes (which setting toggled, not the user who did it)
Identifiers (technical necessity, documented on the privacy page but not in the notice):
site_uuid — random per-installuser_uuid — random per-useruser_role
Explicitly never collected:
- Customer PII (names, emails, addresses, phone)
- Order line items, product names, SKUs, prices, totals
- Site URL / domain name
- Admin email
- Payment gateway names (count only)
- IP address (configure PostHog to drop this)
6. WCPOS branding sweep
Product name is WCPOS. Never "WooCommerce POS" in user-facing copy — UI, notices, settings labels, emails, docs, screenshots.
Cleanup pass:
grep -rn \"WooCommerce POS\" across the repo (excluding woocommerce-pos.php Plugin Name: header which must match the WP.org slug, and excluding .wiki/ which will be handled separately)- Known violations:
includes/Admin/Menu.php:316 ("Help improve WooCommerce POS"), includes/Admin/Menu.php:322 ("Allow WooCommerce POS to collect…")
- README, translation strings, release notes
- Use WCPOS Free / WCPOS Pro for edition distinctions
Technical identifiers stay unchanged (breaking these would break installs and translations): textdomain woocommerce-pos, plugin slug woocommerce-pos, option prefix woocommerce_pos_, namespace WCPOS\\WooCommercePOS\\.
Follow-up to #788 / #790. Those PRs added the opt-in tracking consent plumbing and moved the toggle to Settings → General → Privacy. This issue captures everything else we agreed on but didn't ship in those PRs.
1. Notice visibility on plugin activation
Right now the admin notice only appears on WooCommerce POS admin screens. Users who activate the plugin and never navigate there miss it.
register_activation_hook) flagging "consent prompt needed".2. Inline callout on Settings → General → Privacy
When
tracking_consent === 'undecided'and the user lands on Settings → General, render a small inline callout above the Privacy section prompting them to make a choice. Gives users who closed the admin notice a second chance to see it in context.3. Rewritten notice copy (friendly, all three data categories)
Replace the current admin-notice copy with the approved disclosure. Copy agreed with product:
The same copy (or a condensed version) should appear as the description on the Settings → Privacy section.
4. Privacy page on wcpos.com
Publish a public privacy page on wcpos.com covering:
Link to this page from the admin notice and the Settings → Privacy section. (Required for GDPR defensibility — the in-plugin copy is intentionally light, the public page carries the full disclosure.)
5. PostHog instrumentation scope
When implementing the actual telemetry, ship these three categories and nothing else:
Environment fingerprint
Store profile (banded, not exact)
days_since_installWCPOS feature usage
Identifiers (technical necessity, documented on the privacy page but not in the notice):
site_uuid— random per-installuser_uuid— random per-useruser_roleExplicitly never collected:
6. WCPOS branding sweep
Product name is WCPOS. Never "WooCommerce POS" in user-facing copy — UI, notices, settings labels, emails, docs, screenshots.
Cleanup pass:
grep -rn \"WooCommerce POS\"across the repo (excludingwoocommerce-pos.phpPlugin Name:header which must match the WP.org slug, and excluding.wiki/which will be handled separately)includes/Admin/Menu.php:316("Help improve WooCommerce POS"),includes/Admin/Menu.php:322("Allow WooCommerce POS to collect…")Technical identifiers stay unchanged (breaking these would break installs and translations): textdomain
woocommerce-pos, plugin slugwoocommerce-pos, option prefixwoocommerce_pos_, namespaceWCPOS\\WooCommercePOS\\.