=== Loxa Insurance for WooCommerce ===
Contributors: loxa
Tags: insurance, product protection, warranty, woocommerce
Requires at least: 5.8
Tested up to: 6.7
Stable tag: 1.0.4
Requires PHP: 7.4
WC requires at least: 7.0
WC tested up to: 9.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Add insurance protection plans to WooCommerce products with Loxa.

== Description ==

Loxa Insurance for WooCommerce allows you to offer product protection and insurance plans directly on your product pages. Customers can add insurance cover when purchasing products, with plans displayed as inline badges and a detailed sidebar.

**Features:**

* Addon, inclusive, and hybrid insurance integration types
* Sidebar panel with plan details and selection
* Automatic cart management (linked insurance items)
* Support for simple and variable products
* Configurable exclusion tags
* Custom CSS support
* Analytics tracking
* Second-chance flow (prompt at add-to-cart)
* HPOS (High-Performance Order Storage) compatible
* Dummy payload mode for testing

== Installation ==

1. Upload the `loxa-woocommerce-insurance` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to WooCommerce > Settings > Integration > Loxa Insurance
4. Enter your API Key and HMAC Secret (provided by Loxa)
5. Check "Generate Insurance Product" and save to create the virtual insurance product
6. Configure selectors and appearance as needed

== Frequently Asked Questions ==

= Do I need a Loxa account? =

Yes, you need API credentials from Loxa to use this plugin. Contact sales@loxacover.com.

= Does this work with variable products? =

Yes. The plugin detects WooCommerce variation changes and fetches insurance pricing for each variant.

= Is the insurance product visible in my shop? =

No. The virtual insurance product (SKU: loxa-insurance) is hidden from your catalog and search results.

== Privacy ==

This plugin communicates with external Loxa services to provide insurance pricing and analytics.

= Data sent to the Loxa Pricing API =

When a customer views a product page, the plugin sends the product SKU, title, and price to the Loxa API to retrieve available insurance plans. No personal customer data is included in pricing requests.

= Data sent to the Loxa Analytics API =

When analytics is enabled, the plugin sends interaction events (e.g. sidebar opened, plan selected) along with:

* A SHA-256 hash of the visitor's IP address (the raw IP is never transmitted)
* The visitor's user agent string
* Product and session identifiers

This data is used to measure insurance offer engagement. The analytics endpoint URL and API key are configured in the plugin settings.

= Third-party services =

* **Loxa API** — pricing and analytics endpoints configured in WooCommerce > Settings > Integration > Loxa Insurance. See [Loxa Privacy Policy](https://www.loxacover.com/privacy-policy) for details on how data is handled.

No data is sent to any other external service. All plugin assets (images, fonts, scripts) are bundled locally.

== Changelog ==

= 1.0.4 =
* Security: bundle logo SVG locally instead of loading from external CDN
* Security: remove nonce from cached proxy URL — nonce is now attached at request time by JavaScript
* Security: improve custom CSS sanitization (strip expression(), javascript URLs, behavior, -moz-binding, @import)
* Security: add nonce verification to analytics AJAX endpoint
* Security: remove @ error suppression on php://input read
* Security: add transient-based rate limiting (30 req/min per IP) on price and analytics endpoints
* Improvement: convert base64-embedded TTF fonts to external WOFF2 files (262 KB to 69 KB)
* Improvement: add font-display: swap for better loading performance
* Improvement: move admin order meta inline styles to CSS classes and wrap output in wp_kses_post()
* Improvement: wrap hardcoded sidebar strings in translation functions for i18n
* Improvement: add Privacy section to readme documenting external data transmission

= 1.0.3 =
* Change "See Details" link font-weight to medium (500)

= 1.0.2 =
* Change "See Details" link colour from blue to black

= 1.0.1 =
* Fix: harden "See Details" link against theme button style overrides
* Fix: prevent lime/bright text colours from theme bleeding into plugin elements
* Fix: reset list margins inside plugin containers

= 1.0.0 =
* Initial release
* Addon, inclusive, and hybrid insurance integration types
* Sidebar panel with plan details and selection
* Automatic cart management with linked insurance items
* Support for simple and variable products
* HMAC signature verification on cart add to prevent price tampering
* HPOS (High-Performance Order Storage) compatible
* Configurable exclusion tags, custom CSS, and analytics tracking
* Second-chance flow at add-to-cart
* Dummy payload mode for testing without API
