﻿=== M Media Medigap Contact Wizard ===
Contributors: mmediasoftwarelab
Tags: medicare, medigap, insurance, lead generation, TCPA
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.0.3
License: GPL2
License URI: https://www.gnu.org/licenses/gpl-2.0.html

TCPA-compliant 5-step Medigap lead capture wizard. Every phone contact is consent-backed, timestamped, and audit-ready — out of the box.

== Description ==

**M Media Medigap Contact Wizard** is a conversion-optimized, **TCPA-compliant** lead generation system built specifically for Medicare and Medigap insurance professionals. It turns complex enrollment questions into an engaging multi-step wizard that dramatically improves completion rates compared to traditional contact forms — and every phone lead it produces is backed by a proper consent record you can stand behind.

= Key Features =

**TCPA-Compliant Lead Capture — Built In**

Phone leads from this form are TCPA-ready from day one:

* Explicit, standalone consent checkbox — separate from the Privacy Policy, never bundled with a purchase condition
* FCC-required disclosure language: names your agency, lists covered contact methods (calls, pre-recorded messages, SMS/MMS), and states consent is not required to receive a quote
* Phone field note tells prospects what they are consenting to before they reach the final step
* Every submission stores a full consent record as WordPress post meta: consent given (yes/no), Unix timestamp, submitter IP address, and the exact consent text presented at submission time
* Consent is optional — prospects who prefer email-only contact can leave the box unchecked; the form still submits

**5-Step Wizard Interface**

* Step 1: Contact Information (Name, Email, Phone, ZIP, State)
* Step 2: Medicare Status (Current enrollment, parts, existing coverage)
* Step 3: Needs & Concerns (Interests, timing, coverage requirements)
* Step 4: Health Details (Conditions, prescriptions, pharmacy preferences)
* Step 5: Preferences & Final Questions (Priorities, referral source, TCPA consent, privacy consent)

**Advanced Anti-Spam Protection**

* Honeypot field catches bots automatically
* Time-based submission validation (minimum 7-second completion)
* WordPress nonce security on all submissions
* No CAPTCHA needed

**Submission Management**

* All inquiries saved as a custom post type
* Easy-to-browse submissions dashboard in WordPress admin
* Full submission history with timestamps

**5 Email Delivery Options**

* Gmail OAuth — one-click connection, no passwords needed
* Email Provider Presets — auto-configured for Gmail, Outlook, Yahoo
* WordPress Mail — works with any existing SMTP plugin
* Server Mail — uses the server's built-in mail() function
* Custom SMTP — full manual configuration

**File Upload Support**

Prospects can optionally upload a prescription list (PDF, JPG, PNG, DOC, DOCX, TXT — 2 MB limit). The file is stored securely and linked in the submission record.

**Customization**

* Configurable primary color for buttons, progress bar, and links
* Custom success message with HTML support
* Responsive design works on all devices

= Shortcode =

`[mmcw_medigap_wizard]`

Add this to any page, post, or widget area.

= Perfect For =

Medicare agents and brokers, Medigap specialists, insurance agencies, Medicare enrollment centers, and lead generation sites that need audit-ready TCPA documentation on every phone lead.

== Installation ==

= Automatic Installation =

1. Log in to your WordPress admin panel.
2. Go to **Plugins > Add New**.
3. Search for "M Media Medigap Contact Wizard".
4. Click **Install Now**, then **Activate**.

= Manual Installation =

1. Download the plugin ZIP file.
2. Go to **Plugins > Add New > Upload Plugin**.
3. Choose the ZIP file and click **Install Now**.
4. Activate the plugin.

= Initial Setup =

1. Go to **Medigap Contact Wizard > Settings**.
2. Enter the **notification email address** where form submissions should be sent.
3. Choose your **email delivery method** (see below).
4. Pick a **primary color** to match your brand.
5. Add the shortcode `[mmcw_medigap_wizard]` to any page.
6. Click **Send Test Email** to confirm delivery is working.

= Email Setup: Choose One Method =

**Method 1 — Gmail OAuth (Recommended, Easiest)**

Best for anyone with a Gmail account.

1. Select **"Gmail Account (OAuth)"** in Settings.
2. Click the **"Connect with Gmail"** button.
3. Sign in to your Google account and click **Allow**.
4. Done — no passwords, no SMTP configuration required.

Emails are sent from your actual Gmail account and appear in your Gmail Sent folder. To disconnect at any time, click **"Disconnect Gmail"** in Settings. This requires a one-time Google Cloud project setup — see the [Gmail OAuth Setup Guide](https://www.mmediasoftwarelab.com/documentation/medigap-contact-wizard/configuration/).

**Method 2 — Email Provider Preset (Simple)**

Best for Gmail, Outlook, or Yahoo users who can generate an app password.

1. Select **"Email Provider"** in Settings.
2. Choose your provider (Gmail, Outlook, Yahoo, or Custom).
3. Enter your email address.
4. Generate an **App Password** from your provider and paste it in.

Host, port, and encryption are filled in automatically. Click **Send Test Email** to verify.

How to get an App Password:

* **Gmail:** Google Account → Security → 2-Step Verification (enable) → App Passwords → Create for "Mail".
* **Outlook:** Microsoft Account → Security → Advanced Security → App Passwords.
* **Yahoo:** Account Security → Manage App Passwords → Other app.

**Method 3 — WordPress Mail**

If you already have WP Mail SMTP, Postman, or a similar plugin configured, select **"WordPress Mail"**. The wizard uses whatever transport your SMTP plugin provides — no additional configuration needed.

**Method 4 — Server Mail**

Uses PHP's built-in `mail()` function. Works on most shared hosting. Select **"Server Mail"** — no further configuration needed. Not recommended if you are experiencing email delivery problems.

**Method 5 — Custom SMTP**

Full manual configuration for any SMTP server (SendGrid, Mailgun, Amazon SES, etc.).

1. Select **"Custom SMTP"** in Settings.
2. Enter your **SMTP Host**, **Port**, **Username**, and **Password**.
3. Choose your **encryption** (TLS is recommended).
4. Click **Send Test Email** to verify.

Common port and encryption combinations:

* Port 587 + TLS (recommended for most providers)
* Port 465 + SSL
* Port 25 + None (local/internal servers only)

== Frequently Asked Questions ==

= How do I add the form to my website? =

Add the shortcode `[mmcw_medigap_wizard]` to any page, post, or widget. In the block editor, use a **Shortcode** block.

= Which email method should I use? =

For most users: **Gmail OAuth** if you have a Gmail account. If you already have an SMTP plugin installed, use **WordPress Mail** — zero extra setup. If you need maximum reliability without Gmail, use **Custom SMTP** with a transactional email provider like SendGrid or Mailgun.

= I connected Gmail OAuth but emails are not arriving. What do I check? =

1. Go to **Medigap Contact Wizard > Settings** and confirm the connected Gmail address is correct.
2. Click **Disconnect Gmail**, then reconnect.
3. If you set up the Google Cloud project yourself, confirm the OAuth consent screen is published (not in Testing mode).

See the full [Gmail OAuth Setup Guide](https://www.mmediasoftwarelab.com/documentation/medigap-contact-wizard/configuration/) for Google Cloud project configuration steps.

= My test email is not arriving. What should I do? =

1. Check your spam or junk folder.
2. Confirm the notification address is correct in Settings.
3. Try a different email method — if WordPress Mail works but Custom SMTP does not, double-check your host, port, and credentials.
4. Check your server's mail logs or contact your hosting provider.

= Can I customize the form colors? =

Yes. Go to **Medigap Contact Wizard > Settings** and use the color picker to set your primary color. This applies to buttons, the progress bar, and interactive elements.

= Where are submissions stored? =

All submissions are saved as a WordPress custom post type. View them at **Medigap Contact Wizard > Submissions**. They are also emailed to your configured notification address.

= How does the anti-spam protection work? =

Three layers of invisible protection — no CAPTCHA required:

1. **Honeypot field** — bots fill it, humans never see it.
2. **Time validation** — submissions completed in under 7 seconds are rejected as bot activity.
3. **WordPress nonce** — CSRF protection on every submission.

= What file types can prospects upload? =

PDF, JPG, JPEG, PNG, DOC, DOCX, and TXT. Maximum file size is 2 MB. Files are stored in `/wp-content/uploads/medicare_rx/` with a unique ID prefix for security.

= Does the form work with page builders? =

Yes — Elementor, Divi, Beaver Builder, WPBakery, and all others that support shortcodes.

= Is the form mobile-friendly? =

Yes. The wizard is fully responsive and tested on iOS and Android browsers.

= Is the form TCPA compliant? =

Yes. Version 1.0.2 adds full TCPA compliance out of the box:

* A standalone consent checkbox with FCC-required disclosure language appears in Step 5, before the Privacy Policy.
* The phone field includes a note informing prospects they may be contacted by phone or text.
* Consent is never required as a condition of receiving a quote (FCC rule).
* Every submission saves a consent record to WordPress post meta: `_tcpa_consent_given`, `_tcpa_consent_timestamp`, `_tcpa_consent_ip`, and `_tcpa_consent_text` (the exact language shown at submission time).

This gives you the audit trail needed to demonstrate prior express written consent. Always consult a licensed TCPA attorney for advice specific to your business.

= Is it GDPR compliant? =

The plugin includes a required privacy policy consent checkbox and an optional "no marketing" checkbox. You are responsible for maintaining a privacy policy page on your site.

= Can I export submissions? =

Submissions are stored as standard WordPress posts, so any export plugin (e.g., WP All Export) will work. You can also copy data directly from individual submission records in the admin.

= How do I change the success message? =

Go to **Medicare Wizard > Settings** and edit the "Success Message" field. HTML is supported.

= How do I get support? =

Visit [M Media Software Lab Support](https://www.mmediasoftwarelab.com/support/).

== Screenshots ==

1. General Settings — branded interface with color picker, intro text, success message, and notification email
2. Customize Questions — toggle any field on/off and override labels across all 5 wizard steps, no code required
3. Shortcode & Submissions Summary — copy the shortcode and preview recent leads right from the settings screen
4. Email Method 1: WordPress Mail — routes through any active SMTP plugin (WP Mail SMTP, Postmark, SendGrid) automatically
5. Email Method 2: Server Mail — direct PHP mail() delivery for properly configured server environments
6. Email Method 3: Custom SMTP — manual host, port, username, and encryption config for any mail server or provider
7. Email Method 4: Provider Presets — auto-filled SMTP settings for Gmail, Outlook, Yahoo, and other common providers
8. Email Method 5: Gmail OAuth (connected) — verified account displayed with one-click disconnect, no stored passwords
9. Gmail OAuth Setup (disconnected) — step-by-step built-in guide with copyable redirect URI, nothing to Google
10. Gmail OAuth Credentials — Client ID and Client Secret entry fields for completing the OAuth handshake
11. Submissions Dashboard — all leads stored as WordPress posts with sortable columns, date, and search
12. Submission Detail — complete prospect record: contact info, Medicare status, health details, and file attachment
13. Test Email — send a test message after any config change; green banner on success, error detail on failure
14. Step 1: Contact Information — name, email, phone, ZIP, and state with progress bar and clean layout
15. Step 2: Medicare Status — current enrollment, which parts, and whether the prospect already has a Medigap plan
16. Step 3: Needs & Concerns — touch-friendly multi-select chip buttons for coverage interests and priorities
17. Step 4: Health Details — health conditions, preferred pharmacy, and optional prescription file upload
18. Step 5: Preferences & Final Questions — plan priorities, how they found you, marketing opt-out, TCPA consent checkbox with FCC disclosure language, and privacy policy consent
19. Success Message — personalized confirmation screen with customizable text shown immediately after submission

== Changelog ==

= 1.0.3 - April 5, 2026 =
* Update: Marketing copy and plugin description refresh

= 1.0.2 - April 2, 2026 =
* Add: TCPA-compliant consent checkbox on final wizard step
* Add: Phone field disclosure note referencing the consent
* Add: TCPA consent record-keeping (given flag, timestamp, IP, consent text) stored as post meta on each submission

= 1.0.1 - March 22, 2026 =
* Fix: Lowercase custom post type slug to resolve "Invalid post type" error in WordPress admin

= 1.0.0 - January 8, 2026 =
* Initial release
* 5-step wizard interface with progress tracking
* Anti-spam protection (honeypot + time-based validation)
* Custom post type submission management
* Email notifications with 5 delivery methods (Gmail OAuth, provider presets, WordPress Mail, Server Mail, Custom SMTP)
* File upload support for prescription lists
* Configurable primary color and success message
* Conditional field visibility
* Privacy policy consent and marketing opt-out
* Responsive design
* WordPress 6.9 compatible

== External Services ==

This plugin optionally connects to Google's OAuth 2.0 and Gmail API services when the **Gmail OAuth** email delivery method is selected. This feature is entirely optional — other email methods (WordPress Mail, SMTP, etc.) do not contact any external service.

**Google OAuth 2.0 & Gmail API**

* **What it is:** Google's authentication and email-sending service.
* **What it is used for:** Authenticating the site administrator's Google account and sending notification emails through that Gmail account on their behalf.
* **What data is sent and when:**
  * During setup: the administrator is redirected to Google's consent screen (`accounts.google.com`) to grant the plugin permission to send email. Google returns an authorization code and access/refresh tokens to the WordPress admin.
  * When sending a notification email: the email content (recipient address, subject, and body containing form submission data) is transmitted to `gmail.googleapis.com` to be delivered. This only occurs when a visitor submits the contact form.
  * Token refresh requests (OAuth access token renewal) are sent to `oauth2.googleapis.com`.
  * A one-time request is made to `www.googleapis.com/oauth2/v2/userinfo` during setup to retrieve and display the connected Gmail address in Settings.
* **Data stored locally:** Access tokens and refresh tokens are stored in the WordPress options table (`wp_options`) and are never transmitted to any service other than Google.
* **Google's Terms of Service:** https://policies.google.com/terms
* **Google's Privacy Policy:** https://policies.google.com/privacy
* **Google API Services User Data Policy:** https://developers.google.com/terms/api-services-user-data-policy

No other external services are contacted by this plugin. All form submissions are stored locally in your WordPress database.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
