TejCart

TejCart is a shopping cart plugin for WordPress. Sell physical goods, digital downloads, or services with products, cart, checkout, orders, customers, coupons, taxes, and shipping all in one place.

Features

• Simple, variable, digital, grouped, external, and bundle products
• AJAX shopping cart with persistent storage for logged-in users
• Single-page checkout with guest checkout
• Multiple payment options including cards, digital wallets, and Pay Later
• Order management with refunds and invoices
• Customer accounts with order history
• Coupons, taxes, and shipping zones
• Transactional emails with template overrides
• Digital downloads with secure delivery URLs
• CSV import / export
• REST API and WP-CLI commands

Requirements

• WordPress 6.3 or later
• PHP 8.2 or later
• HTTPS enabled

External Services

TejCart connects to the external services below to provide payment processing and merchant onboarding. Data is only sent when the corresponding feature is actively used.

PayPal

When a shopper checks out, or a merchant refunds, captures, or voids a transaction, TejCart calls PayPal’s REST API at https://api-m.paypal.com (live) or https://api-m.sandbox.paypal.com (sandbox). Order totals, line items, billing and shipping addresses, and buyer contact information are sent as part of the checkout flow. The plugin also loads the PayPal JavaScript SDK from https://www.paypal.com/sdk/js and the partner-onboarding lightbox from https://www.paypal.com/webapps/merchantboarding/js/lib/lightbox/partner.js on the connect screen.

• Service provider: PayPal, Inc.
• Terms of service: https://www.paypal.com/us/legalhub/paypal/useragreement-full
• Privacy policy: https://www.paypal.com/us/legalhub/paypal/privacy-full

Google Pay

When the merchant enables Google Pay, the plugin loads Google’s Pay JavaScript SDK from https://pay.google.com/gp/p/js/pay.js on the cart and checkout pages so the Google Pay button can render and tokenize the shopper’s card.

• Service provider: Google LLC
• Terms of service: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=buyertos&ldr=US
• Privacy policy: https://policies.google.com/privacy

TejCart Partner Onboarding Proxy

To enable one-click merchant onboarding without shipping partner credentials in the plugin, TejCart calls a proxy at https://tejcart.com/ppcp-seller-onboarding/seller-onboarding.php. The proxy is only contacted while a merchant is connecting or disconnecting a payment account. The plugin sends the merchant’s WordPress admin email, the environment (sandbox or live), a return URL pointing back to the WordPress admin, and the requested product bundle. No shopper data, order data, or API credentials are sent.

• Service provider: TejCart
• Terms of service: https://tejcart.com/terms-of-service.html
• Privacy policy: https://tejcart.com/privacy-policy.html

Optional tax providers (disabled by default)

The tax services below are opt-in. They are disabled by default and only become active after the merchant explicitly enables the provider under TejCart > Settings > Tax and supplies their own API credentials.

Stripe Tax — When enabled, the plugin calls https://api.stripe.com/v1/tax/calculations at checkout to calculate sales tax / VAT. The request contains the cart’s line items, the shopper’s shipping address, and the store currency.

• Service provider: Stripe, Inc.
• Terms of service: https://stripe.com/legal/ssa
• Privacy policy: https://stripe.com/privacy

Avalara AvaTax — When enabled, the plugin calls https://rest.avatax.com (or https://sandbox-rest.avatax.com in sandbox mode) at checkout to calculate sales tax. The request contains the cart’s line items, the shopper’s shipping address, the store’s origin address, and the order currency.

• Service provider: Avalara, Inc.
• Terms of service: https://legal.avalara.com/avalaraenduserterms.html
• Privacy policy: https://www.avalara.com/privacy-policy

TaxJar — When enabled, the plugin calls https://api.taxjar.com (or https://api.sandbox.taxjar.com in sandbox mode) at checkout to calculate sales tax. The request contains the cart’s line items, the shopper’s shipping address, the store’s origin address, and the order currency.

• Service provider: TaxJar (a Stripe company)
• Terms of service: https://www.taxjar.com/terms-of-service
• Privacy policy: https://www.taxjar.com/privacy

Optional bot-mitigation providers (disabled by default)

The bot-mitigation services below are opt-in. They are disabled by default and only become active after the merchant explicitly selects a provider under TejCart > Settings and supplies their own site key and secret. When active, the selected provider’s challenge token plus the visitor’s IP address are sent to the provider’s siteverify endpoint on protected form submissions (checkout, login, registration) so the request can be classified as human or bot. No order, cart, or payment data is transmitted.

Cloudflare Turnstile — When enabled, the plugin posts the visitor’s challenge token and IP address to https://challenges.cloudflare.com/turnstile/v0/siteverify.

• Service provider: Cloudflare, Inc.
• Terms of service: https://www.cloudflare.com/website-terms/
• Privacy policy: https://www.cloudflare.com/privacypolicy/

hCaptcha — When enabled, the plugin posts the visitor’s challenge token and IP address to https://hcaptcha.com/siteverify.

• Service provider: Intuition Machines, Inc. (hCaptcha)
• Terms of service: https://www.hcaptcha.com/terms
• Privacy policy: https://www.hcaptcha.com/privacy

Google reCAPTCHA v3 — When enabled, the plugin posts the visitor’s challenge token and IP address to https://www.google.com/recaptcha/api/siteverify.

• Service provider: Google LLC
• Terms of service: https://policies.google.com/terms
• Privacy policy: https://policies.google.com/privacy