Snoodlr AI Assistant for WooCommerce

Snoodlr AI Assistant for WooCommerce connects a WordPress site to Snoodlr’s external AI assistant service after explicit administrator authorization.

Version 0.1.5 provides the local plugin bootstrap, activation/deactivation handlers, settings defaults, permission-gated admin screens, nonce-protected admin view state, local admin assets, local database tables, local source detection and confirmation, signed query routes, optional WooCommerce commerce routes, and optional frontend widget enablement.

Before an administrator connects Snoodlr, the plugin does not contact Snoodlr from WordPress, auto-inject a widget, require WooCommerce, copy full site content to Snoodlr, call AI/LLM APIs from WordPress, add analytics or tracking, or process online payments.

External Services

Snoodlr is an external AI assistant service. This plugin connects to Snoodlr only after an administrator explicitly clicks Connect to Snoodlr during setup.

Data shared with or exchanged with Snoodlr is limited to these categories:

• Connection onboarding. The hosted Snoodlr onboarding route at https://app.snoodlr.com/en/app/integrations/wordpress/connect receives the site URL, WordPress admin URL, callback URL, plugin version, WordPress version, PHP version, locale, timezone, site name, generated site public ID, WooCommerce active flag, connection state value, and source identifier. Because the administrator’s browser opens Snoodlr’s hosted onboarding page, Snoodlr may also receive standard browser request metadata such as IP address, user agent, and referrer.
• Connection callback and credentials. Snoodlr returns a connection status, connection ID, connection secret when provided, and widget public key when provided. These values are stored locally in WordPress. The connection secret is used for HMAC request signing and is not exposed to frontend JavaScript.
• Connection verification and disconnect. WordPress admin status screens may call https://api.snoodlr.com/v1/public/wordpress/connection-verify. Disconnecting may call https://api.snoodlr.com/v1/public/wordpress/connection-disconnect. These calls send the Snoodlr connection ID, timestamp, nonce, HMAC signature, and, for disconnect, a disconnect reason and source identifier.
• Signed health and capability responses. After connection, Snoodlr may send signed requests to the local WordPress REST routes. WordPress may return plugin version, schema version, table verification status, indexed/dirty/failed object counts, last indexed time, enabled source-role counts, entity and mention counts, widget enabled/supported status, WooCommerce availability, commerce capability names, currency, and whether query routes are ready.
• Signed content query responses. Snoodlr may send search queries, entity subjects, object IDs, WordPress object IDs, object kind/subtype filters, role filters, language, sort, limits, and an include_body flag. WordPress may return the echoed sanitized query parameters, relevant result IDs, WordPress object IDs, object kind/subtype, title, sanitized snippet or summary, URL, source role, published/modified dates, matched fields, evidence notes, relevance score, entity IDs, canonical entity names, entity type, confidence, source count, ambiguity candidates, primary context, latest updates, reference context, and, only when include_body is requested, a sanitized body excerpt limited by the plugin.
• Signed WooCommerce product responses. If WooCommerce is active, Snoodlr may send product search text, filters, product ID, variation ID, quantity, requested attributes, order/sort values, and stock/category/tag filters. WordPress may return public product evidence including product ID, variation ID, product title, summary, URL, image URL, price, regular price, sale price, display price, currency, stock status, availability, published/modified dates, product attributes, categories, tags, matched fields, relevance score, and diagnostic counts for the product search.
• Pending order and order status flows. If a visitor asks Snoodlr to create a pending order, Snoodlr sends the requested items, product IDs, variation IDs, quantities, attributes, customer name, customer email or phone, billing address fields, shipping address fields, and customer note to WordPress. WordPress creates a pending WooCommerce order and returns only the order ID, order number, status, total, currency, and created time. For order status, Snoodlr sends an order ID or order number plus an email or phone verification value; WordPress returns the same minimal order fields after verification.
• Optional frontend widget. The frontend widget is disabled by default. If an administrator enables it after connecting Snoodlr, the plugin loads a local bootstrap script that loads Snoodlr’s hosted widget from https://app.snoodlr.com/widget/loader.js on public site pages. The local bootstrap exposes only widget URL, API base URL, widget public key, plugin version, locale, and widget position to frontend JavaScript. Widget API calls use https://api.snoodlr.com. Visitor conversations in the widget, and any information visitors type into the widget such as names, contact details, product requests, order requests, or order verification details, are processed by Snoodlr. Loading the hosted widget can also share standard browser request metadata with Snoodlr, such as IP address, user agent, and referrer/current page URL depending on browser policy.

The plugin creates local indexing tables inside WordPress and lets administrators confirm which detected content sources may be indexed locally. Source choices start disabled and are enabled only after an administrator saves selected sources. Full site content, full product catalogs, posts, pages, custom post types, existing orders, customers, and coupons are not bulk-copied to Snoodlr by default.

When WooCommerce is installed, signed commerce routes can search locally indexed enabled product sources, check live product availability, create pending WooCommerce orders, and return minimal verified order status. Availability, price, stock, order creation, and order status use live WooCommerce APIs. The plugin does not process payment and does not return full customer profiles, full addresses for existing orders, private order notes, or payment metadata. Administrators can disconnect or revoke local access credentials without deleting local index tables or confirmed sources.

Administrators can disable the widget at any time. The plugin does not add hidden frontend credits, tracking pixels, analytics scripts, remote fonts, or unrelated third-party scripts.

Snoodlr Terms of Use: https://app.snoodlr.com/en/terms-of-use
Snoodlr Privacy Policy: https://app.snoodlr.com/en/privacy-policy

Privacy and Data Processing

The plugin stores source confirmations, local index rows, entity mentions, connection status, signed API metadata, and widget settings inside WordPress.

Local indexing is limited to administrator-enabled, confirmed public sources. Drafts, private content, password-protected content, failed rows, not-indexable rows, orders, customers, and coupons are excluded from local content indexing.

Signed query routes return structured evidence only. They do not return full body text by default. Object requests with include_body return a limited sanitized excerpt, not unlimited raw content.

If the optional widget is enabled, visitor conversations occur through Snoodlr’s hosted widget and are processed by Snoodlr. The plugin exposes only non-secret widget configuration to the frontend: widget URL, API base URL, widget public key, plugin version, locale, and position.

WooCommerce Support

WooCommerce is optional. The plugin activates and its settings pages work without WooCommerce.

When WooCommerce is active and available, signed commerce routes can search locally indexed enabled product sources, check live availability and price, create pending orders, and return verified minimal order status. Product search may use local discovery snapshots, but availability, price, stock, pending-order creation, and order status are checked through live WooCommerce APIs.

The plugin does not process payments, mark orders paid, export the catalog, expose broad order search, return full customer profiles, or expose payment metadata/private order notes.

Disconnect and Uninstall

Disconnecting Snoodlr removes local connection credentials and prevents signed Snoodlr requests from authenticating. It does not remove local index tables, confirmed sources, or plugin settings.

Uninstall removes plugin options including connection credentials, settings, schema status, API error status, and widget settings. Local Snoodlr database tables are preserved by default to avoid unexpected merchant/site data loss.

Limitations

Production Snoodlr service URLs must remain accurate for the release build.

The plugin returns structured evidence to Snoodlr. Final answer synthesis happens in Snoodlr’s external service, not inside WordPress.

Online payments are not supported. Orders created by the commerce API are pending WooCommerce orders only.