Is your enhancement related to a problem? Please describe.
Summary
The Two Factor plugin collects and stores user data (e.g. phone numbers for SMS/TOTP secrets, backup codes, trusted device tokens) but does not currently implement the WordPress privacy policy content API introduced in WordPress 4.9.6.
Expected Behaviour
Per the WordPress Plugin Handbook, every plugin that collects, uses, or stores user data should call wp_add_privacy_policy_content( $plugin_name, $policy_text ) so that site administrators can pull the relevant information into their site's privacy policy.
Proposed Solution
Hook into admin_init and register suggested policy text covering at minimum:
- What personal data the plugin collects (e.g. TOTP secrets, backup codes, trusted
device tokens, phone numbers for SMS providers)
- How long that data is retained and where it is stored
- Whether any data is shared with third parties (e.g. SMS gateway providers)
- What rights users have over that data (deletion, export)
Designs
no design needed - default WP.
Describe alternatives you've considered
Please confirm that you have searched existing issues in this repository.
Yes
Is your enhancement related to a problem? Please describe.
Summary
The Two Factor plugin collects and stores user data (e.g. phone numbers for SMS/TOTP secrets, backup codes, trusted device tokens) but does not currently implement the WordPress privacy policy content API introduced in WordPress 4.9.6.
Expected Behaviour
Per the WordPress Plugin Handbook, every plugin that collects, uses, or stores user data should call
wp_add_privacy_policy_content( $plugin_name, $policy_text )so that site administrators can pull the relevant information into their site's privacy policy.Proposed Solution
Hook into
admin_initand register suggested policy text covering at minimum:device tokens, phone numbers for SMS providers)
Designs
no design needed - default WP.
Describe alternatives you've considered
Please confirm that you have searched existing issues in this repository.
Yes