外掛標籤
開發者團隊
原文外掛簡介
Darwin Cookie Consent shows visitors a clear cookie banner, lets them choose what to accept, and sends those choices to your analytics and marketing tools through Google Consent Mode v2. No tracking runs until consent is given.
The plugin includes admin controls for legal links, appearance, integrations, localized frontend messaging, and privacy-safe reporting.
Key Features
GDPR cookie consent banner and settings modal
Google Consent Mode v2 support
Editable localized content for English, French, German, and Spanish
Automatic content selection by WordPress site locale
WordPress editor support for the banner message and modal intro
Configurable legal page links for privacy, terms, and cookie policy
Integration controls for Google Tag Manager, GA4, Matomo, Facebook Pixel, LinkedIn Insight Tag, and Pardot
Separate Ad Personalization consent handling
Required Strictly Necessary Cookies row always enabled in the popup
Aggregate admin metrics for recent banner views and accepts
Resettable metrics counters with no personal data stored in the metrics table
Consent Categories
Strictly Necessary Cookies: always required and always enabled
Analytics: used for analytics tools such as Google Analytics and Matomo
Marketing: used for marketing-related tracking integrations
Ad Personalization: handled separately from general marketing consent
Privacy and Data Handling
Localized content is stored in WordPress options
Consent metrics store aggregate daily counts only — no personal identifiers are stored in the metrics table
The consent log table stores a SHA-256 hash of the visitor IP address and the browser user agent alongside the encoded consent payload; no plain-text IP addresses are stored
Consent Mode signals are updated based on saved user choices
No data is transmitted to the plugin author or any third-party service by this plugin itself
External Services
This plugin can load scripts from third-party services when those integrations are configured in the plugin settings. No external requests are made unless the corresponding integration is enabled by the site administrator.
Google Tag Manager
When a GTM container ID is provided, this plugin loads the Google Tag Manager script from googletagmanager.com. Google Consent Mode defaults are applied before GTM loads so that no tracking occurs without user consent.
Data sent: page URL and GTM container ID as part of the script request.
When: on every frontend page load, only if a GTM container ID is configured.
Service provider: Google LLC — Terms of Service | Privacy Policy
Google Analytics (GA4)
When a GA4 measurement ID is provided and GTM is not in use, this plugin loads the gtag.js script from googletagmanager.com. The script only fires after measurement consent is granted.
Data sent: page URL and measurement ID as part of the script request.
When: on every frontend page load after measurement consent is granted, only if a GA4 ID is configured.
Service provider: Google LLC — Terms of Service | Privacy Policy
Google Fonts
When the default plugin font is selected, this plugin loads the Roboto typeface from Google Fonts. The stylesheet is fetched from fonts.googleapis.com and the font files are served from fonts.gstatic.com. A preconnect resource hint is also added for both domains.
Data sent: browser and referrer information as part of the font request (standard browser HTTP headers).
When: on every frontend page load when the default font option is active.
Service provider: Google LLC — Terms of Service | Privacy Policy
Facebook Pixel
When a Facebook Pixel ID is provided, this plugin loads the Facebook Pixel script from connect.facebook.net. The script only fires after marketing consent is granted.
Data sent: page URL and pixel ID as part of the script request.
When: on every frontend page load after marketing consent is granted, only if a Pixel ID is configured.
Service provider: Meta Platforms, Inc. — Terms of Service | Privacy Policy
LinkedIn Insight Tag
When a LinkedIn Partner ID is provided, this plugin loads the LinkedIn Insight Tag from snap.licdn.com. The script only fires after marketing consent is granted.
Data sent: page URL and partner ID as part of the script request.
When: on every frontend page load after marketing consent is granted, only if a Partner ID is configured.
Service provider: LinkedIn Corporation — Terms of Service | Privacy Policy
Salesforce Pardot
When Pardot account and campaign IDs are provided, this plugin loads the Pardot tracking script from pi.pardot.com. The script only fires after marketing consent is granted.
Data sent: page URL and account/campaign IDs as part of the script request.
When: on every frontend page load after marketing consent is granted, only if Pardot IDs are configured.
Service provider: Salesforce, Inc. — Terms of Service | Privacy Policy
Matomo
When a Matomo URL and site ID are provided, this plugin loads the Matomo tracking script from the configured Matomo instance. The script only fires after measurement consent is granted.
Data sent: page URL and site ID to the configured Matomo instance.
When: on every frontend page load after measurement consent is granted, only if Matomo is configured.
Service provider: InnoCraft Ltd — Terms of Service | Privacy Policy
Privacy Policy
This plugin stores data locally in your WordPress database only. No data is transmitted to the plugin author or any third-party service by this plugin itself.
Data stored locally
Consent log table ({prefix}darwin_gdpr_consent_log): When a visitor saves their consent choices, the plugin records a SHA-256 hash of the visitor’s IP address, the browser user-agent string, and the encoded consent payload. No plain-text IP addresses are stored. Entries are automatically deleted after the configured retention period (default: 180 days).
Aggregate metrics table ({prefix}darwin_gdpr_metrics): Stores daily totals of banner views and consent accepts as integer counts. No visitor identifiers of any kind are stored in this table.
Plugin options: Localized content strings and appearance settings are stored in the WordPress options table. These contain no visitor data.
Third-party service data
When optional integrations are configured by the site administrator, scripts from third-party services are loaded in the visitor’s browser. Those services may collect data as described in their respective privacy policies, which are linked in the External Services section above. No data is sent to those services until the visitor grants the relevant consent category.
Site administrators should ensure their own privacy policy reflects the data practices described above, particularly the storage of hashed IP addresses and user-agent strings in the consent log.
