orbit-gdprlisted

GDPR / personal-data compliance audit for a WordPress plugin — verifies that the plugin registers with `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` for any personal data it stores, declares cookies in the privacy policy template, and handles consent-mode correctly. Use when the user says "GDPR", "personal data export", "right to be forgotten", "privacy policy", "consent mode", or before any plugin release that handles user data.
adityaarsharma/orbit · ★ 1 · Testing & QA · score 55

Install: claude install-skill adityaarsharma/orbit

# 🪐 orbit-gdpr — GDPR / privacy compliance WordPress 4.9.6+ ships personal-data export/erase tools. Plugins that store personal data MUST register with them. Most plugins don't — until a user files a GDPR request and finds out. --- ## Quick start ```bash bash ~/Claude/orbit/scripts/check-gdpr-full.sh ~/plugins/my-plugin bash ~/Claude/orbit/scripts/check-gdpr-hooks.sh ~/plugins/my-plugin ``` Output: `reports/gdpr-<timestamp>.md`. --- ## What "personal data" means Any of: - Name, email, phone, address - IP address (yes — IP is personal data under GDPR) - User-agent + IP combo - Login times / IPs (if stored) - Form submissions - Comments / replies (WP core handles these — your plugin should NOT duplicate) - User preferences / settings linked to a user - Browsing behaviour / analytics events If your plugin stores ANY of the above → mandatory GDPR hooks. --- ## What this skill checks ### 1. Personal data exporter registered ```php add_filter( 'wp_privacy_personal_data_exporters', 'my_plugin_register_exporter' ); function my_plugin_register_exporter( $exporters ) { $exporters['my-plugin'] = [ 'exporter_friendly_name' => __( 'My Plugin', 'my-plugin' ), 'callback' => 'my_plugin_export_user_data', ]; return $exporters; } function my_plugin_export_user_data( $email_address, $page = 1 ) { $user = get_user_by( 'email', $email_address ); if ( ! $user ) return [ 'data' => [], 'done' => true ]; $data = []; // Pull every piece of p