=== Agurel KVKK Compliance and Cookie Bar ===
Contributors: ahmtgurel
Donate link: https://kreosus.com/agurel
Tags: kvkk, cookie, consent, privacy, gdpr
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.2
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Cookie consent bar and privacy notice generator for WordPress, designed with KVKK (Turkish Data Protection Law) requirements in mind.

== Türkçe Özet ==

Bu eklenti, Türkiye'deki web sitelerinin 6698 sayılı KVKK ve KVK Kurulu Çerez Kılavuzu kapsamındaki
yükümlülüklere yönelik adımlar atmasına yardımcı olmak amacıyla geliştirilmiştir. KVKK mevzuatı
dikkate alınarak tasarlanmış bir çerez onay barı, Google Consent Mode v2 entegrasyonu
(GTM veya gtag.js), şirket bilgilerinize göre otomatik oluşan bir KVKK aydınlatma metni üretici ve
onay istatistikleri paneli içerir. Eklenti modülerdir: sadece çerez barını, veya çerez barı ile
birlikte GA4 entegrasyonunu kullanabilir; KVKK metni üreticisini hiç kullanmadan kendi
avukatınızın hazırladığı metni de sayfanıza ekleyebilirsiniz.

Bu metin ve eklenti hukuki danışmanlık niteliği taşımaz; profesyonel bir hukuk danışmanına
başvurmanız önerilir.

Bu eklenti tamamen ücretsizdir. Faydalı bulduysanız ve destek olmak isterseniz:
https://kreosus.com/agurel

== Description ==

A WordPress plugin designed to help Turkish websites address the requirements of the KVKK (Law No. 6698 on Protection of Personal Data) and the Cookie Guidelines published by the Personal Data Protection Authority (KVKK Board).

Developed by a Turkish developer for the Turkish WordPress community.

This plugin is completely free. If you find it useful and would like to support its development, you can do so here: https://kreosus.com/agurel

Features:

* Cookie consent bar designed with KVKK requirements in mind (fixed bottom bar, responsive)
* Accept All / Reject All / Cookie Settings button layout
* Google Consent Mode v2 support (GTM and direct gtag.js)
* Automatic KVKK privacy notice generator based on company info
* TinyMCE editor for manual text editing
* Data category selection (general, physical, special category data)
* Consent statistics dashboard with date range filter
* Per-user disclaimer acceptance log
* Shortcode support: [kvkk_aydinlatma_metni]
* Application method toggles (mail, KEP, email)

== Installation ==

1. Upload the plugin to the wp-content/plugins/ directory
2. Activate the plugin from the Plugins menu in WordPress admin
3. Click KVKK in the left menu
4. Accept the disclaimer and fill in your company information

== Frequently Asked Questions ==

= Is the generated privacy notice legal advice? =

No. The generated text is a starting point based on general KVKK requirements. It does not constitute professional legal advice. **We strongly recommend that your KVKK privacy notice is reviewed or prepared by a qualified lawyer before publishing.** This applies both to the auto-generated text and any custom text you write yourself.

= Do I have to use the privacy notice generator? =

No. The plugin is modular and the privacy notice generator is entirely optional. You can use:

* Only the cookie consent bar (default), or
* The cookie consent bar together with GA4 / Consent Mode v2, or
* The cookie consent bar with custom script blocking (Meta Pixel, Hotjar, etc.)

— in any case, without ever using the [kvkk_aydinlatma_metni] shortcode. If you already have a privacy notice prepared by a lawyer, simply add that text to your page directly.

= How do I link my own KVKK privacy notice page in the cookie bar? =

Go to Cookie Settings (Çerez Ayarları) in the plugin panel and enter the URL of your KVKK privacy notice page. The cookie bar will link to that page. **We strongly recommend that this page contains a privacy notice prepared by a qualified lawyer.**

= I edited the generated text manually. Will it update automatically when I change company info or data categories? =

No. Once you manually edit the privacy notice text, it is treated as your custom text and is no longer regenerated automatically. If you change your company information or data categories afterwards, go to the "KVKK Metni" page and click "Otomatik Oluştur" (Auto-Generate) again to refresh the text, or edit it manually.

= Why does the disclaimer screen appear again after I deactivate/reactivate the plugin, or when a different user logs in? =

The disclaimer acceptance is recorded per WordPress user. If a different user logs in, they have not yet accepted it, so it will be shown to them. Deactivating the plugin resets the acceptance records (the permanent file log is not affected), so reactivating the plugin will show the disclaimer again for all users.

= Are cookies off by default? =

Yes. As required by the KVKK Cookie Guidelines, analytics and marketing cookies are disabled by default. Only essential cookies are always active.

= Why are all three cookie bar buttons the same color? =

This is intentional. The KVK Board's guidelines prohibit manipulative design patterns (dark patterns) — for example, making the "Accept" button large and green while hiding the "Reject" button. All three buttons (Accept All, Reject All, Cookie Settings) are displayed in the same neutral color and size so that no option is visually prioritized over another.

= What happens when a visitor clicks "Tümünü Kabul Et" (Accept All)? =

All cookie categories (essential, analytics, marketing) are enabled. If GA4 integration is active, Consent Mode v2 signals (analytics_storage, ad_storage, etc.) are updated to "granted". Any custom blocked scripts are also loaded at this point.

= What happens when a visitor clicks "Tümünü Reddet" (Reject All)? =

Only essential cookies remain active; analytics and marketing cookies stay disabled. If GA4 integration is active, Consent Mode v2 signals remain "denied". Custom scripts are not loaded.

= What happens when a visitor closes the bar with the X button without choosing? =

The site continues with only essential cookies — analytics and marketing remain off. The choice is saved as a cookie so the bar will not appear again on subsequent visits. This is not recorded as an explicit "Reject" but consent is not granted either.

= Can visitors change their cookie preferences later? =

Yes. Add the [kvkk_tercih_butonu] shortcode to your footer or any page. It displays a "Çerez Tercihlerimi Yönet" button — clicking it reopens the cookie bar so the visitor can update their preferences at any time.

= Which integration mode should I choose? =

The plugin offers three scenarios in the GA4/Script settings page:

* **Cookie Bar only (default):** If you do not use any analytics or advertising tools. Shows the consent bar for legal compliance only.
* **GA4 / Consent Mode v2:** If you use Google Analytics or Google Ads. GA4 Consent Mode v2 signals are updated according to the visitor's consent choice.
* **Custom Script Blocking:** If you use Meta Pixel, Hotjar, LinkedIn Insight, or other third-party tools. Paste the script code and it will only load after the visitor gives consent.

= What is the difference between Consent Mode v2 and Custom Script Blocking? =

Consent Mode v2 loads the GA4/GTM script immediately but sends a "denied" signal — the script runs but collects no personal data. Custom Script Blocking is stricter: the script is not loaded at all until the user clicks "Accept". For the highest level of prior consent compliance, use Custom Script Blocking.

= How long is consent stored? =

Default is 180 days (6 months), configurable from the admin panel.

= Does this plugin support WooCommerce? =

Not at this time. WooCommerce-specific features are planned for a future release. The cookie consent bar and privacy notice generator work on WooCommerce sites, but WooCommerce-specific integrations are not yet included.


== External Services ==

This plugin optionally connects to Google's services when the GA4 Integration feature is enabled by the site administrator. This feature is disabled by default.

= Google Tag Manager =
* **What it is:** A tag management system by Google.
* **When it is used:** Only when the administrator enables GA4 Integration and selects "Google Tag Manager" mode, entering a GTM Container ID.
* **What data is sent:** Standard browser and page data as defined by Google Tag Manager and the tags configured within it.
* **Terms of Service:** https://marketingplatform.google.com/about/analytics/terms/us/
* **Privacy Policy:** https://policies.google.com/privacy

= Google Analytics (gtag.js) =
* **What it is:** Google's analytics tracking library.
* **When it is used:** Only when the administrator enables GA4 Integration and selects "Direct gtag.js" mode, entering a GA4 Measurement ID.
* **What data is sent:** Standard analytics data (page views, browser info, anonymized IP) as defined by Google Analytics.
* **Terms of Service:** https://marketingplatform.google.com/about/analytics/terms/us/
* **Privacy Policy:** https://policies.google.com/privacy

No data is sent to any external service when GA4 Integration is disabled (default state).

== Changelog ==

= 1.1.2 =
* Cookie bar button colors equalized to neutral gray — all three buttons now have the same color and visibility, consistent with KVK Board dark pattern guidelines
* Added Script Blocking mode — GA4/GTM scripts are not loaded at all until user accepts (stricter than Consent Mode v2)
* Added Custom Script Blocking field — paste Meta Pixel, Hotjar, LinkedIn Insight or any other third-party script; it will only load after consent is given
* Added FAQ entries for Script Blocking and WooCommerce support status

= 1.1.1 =
* Updated Author display to "Ahmet Gurel" with LinkedIn link, consistent with the developer's other plugin

= 1.1.0 =
* Softened "compliant" wording in the description and Turkish summary to "designed with KVKK requirements in mind" / "mevzuata yönelik" — avoiding an absolute compliance claim, consistent with the disclaimer that this is not legal advice

= 1.0.9 =
* Added a note that the plugin is free and a support/donation link (Kreosus) to both the readme and the dashboard footer

= 1.0.8 =
* Added Donate link (Kreosus)
* Added Turkish summary section to the readme
* Expanded FAQ: legal disclaimer notice, modular usage without the privacy notice generator, manual text editing behavior, disclaimer re-acceptance after deactivation, and detailed cookie bar button behaviors

= 1.0.7 =
* Disclaimer acceptance records are now reset on plugin deactivation, so the disclaimer is shown again on reactivation or reinstall
* Added "accepted_version" column to the disclaimer log table and display it in the admin log table
* Renamed "Aktif Kurulum Kayıtları" to "Aktif Kurulum Onay Kayıtları" and simplified the persistent log description
* Added a note on the KVKK Text page clarifying that users with their own lawyer-prepared privacy notice do not need to use the shortcode

= 1.0.6 =
* Reworded the persistent log explanation text on the "Onay Kayıtları" page for clarity

= 1.0.5 =
* Updated plugin display name to "Agurel KVKK Compliance and Cookie Bar"
* Updated description to mention it is developed by a Turkish developer
* Renamed admin menu to "Agurel KVKK & Cookie Bar"
* Added plugin version display on the dashboard page

= 1.0.4 =
* The persistent file log now includes the plugin version at the time of acceptance

= 1.0.3 =
* Added uninstall.php to remove database tables and settings on plugin deletion
* The persistent file log (uploads/kvkk-disclaimer-log.txt) is preserved across uninstall/reinstall
* The persistent file log is now displayed (read-only) on the "Onay Kayıtları" admin page

= 1.0.2 =
* Limited representative entries to a maximum of 3
* Added a reminder when company info or data categories change but the privacy notice text has been manually edited
* Added KVKK Board (KVK Kurulu) guidance notes for camera, audio recording, and biometric data categories

= 1.0.1 =
* Per-user disclaimer log
* Dashboard date range filter
* Application method toggles
* Strengthened privacy notice text
* Phone number validation

= 1.0.0 =
* Initial release

== Upgrade Notice ==

= 1.0.1 =
Adds per-user disclaimer logging and application method toggles.
