User Guide

AI Compliance & Privacy Manager

Everything you need to inform visitors about your use of AI, capture their consent, document your AI vendors, and produce compliance reports — no coding required.

What is this plugin?

This plugin helps your website meet privacy and AI-related regulations (such as the GDPR and emerging AI rules). It gives your visitors clear information and control over how artificial intelligence is used, and gives you the records to prove it.

Think of it like a cookie-consent tool, but focused on AI. It handles six things:

🔔

Disclosure banner

A customizable notice telling visitors your site uses AI.

Consent

Visitors choose what AI processing they allow — every choice is logged.

🏢

Provider registry

Document each AI vendor you use and how they handle data.

🚫

Training controls

Declare whether AI crawlers may use your content for training.

📋

Activity log

A record of AI requests, token usage and consent checks.

📊

Reports

Export compliance summaries as PDF, CSV or JSON.

Everything is managed from the AI Compliance menu in your WordPress admin sidebar. This guide walks through each area.

Installation & activation

  1. Add the plugin Copy the aicpm folder into wp-content/plugins/, or upload the ZIP under Plugins → Add New → Upload Plugin.
  2. Activate it Go to Plugins, find “AI Compliance & Privacy Manager”, and click Activate. On a multisite network you can Network Activate to enable it on every site.
  3. Open the settings A new AI Compliance item appears in the sidebar. Click it, or use the Settings link on the Plugins screen.
  4. Configure the basics Set your banner message, add your AI providers, and set your data-protection contact email (see the sections below).

Requirements

  • WordPress 6.5 or higher
  • PHP 8.1 or higher
  • Works on single sites and multisite networks
The plugin is translation-ready. If your site runs in another language, translated text will appear automatically once a translation file is available.

The dashboard

The first screen under AI Compliance is your dashboard. It gives you an at-a-glance view of your compliance posture.

What you'll see

  • Metric cards — consents granted, consents denied, registered providers, and logged AI events.
  • Compliance checklist — each item shows an OK or Review badge so you know what still needs attention.
  • Quick links — jump straight to Settings, Providers, or Reports.
Aim for all checklist items to show OK. A Review badge simply means that feature isn't set up yet — click through and complete it.

AI providers

Keep a register of every AI vendor your site relies on (for example OpenAI, Anthropic, or Google Gemini). This documentation is a common compliance requirement.

Adding a provider

  1. Open the Providers screen Go to AI Compliance → AI Providers.
  2. Fill in the form On the right, enter the provider's name. Start typing to pick from well-known vendors, or type your own.
  3. Describe the processing Choose a category and record the purpose, the data processed, the retention period, and the data location.
  4. Add reference links Paste the provider's privacy-policy URL and data-processing-agreement (DPA) URL if you have them.
  5. Save Keep Active ticked and click Add provider.

Editing or removing

Use the Edit link on any row to update its details, or Delete to remove a provider you no longer use. Active providers are listed automatically on your public policy page.

Even if you only use one AI service, add it here — the dashboard checklist expects at least one registered provider.

AI training controls

Decide whether AI companies may use your website's content to train their models — and publish that decision in the formats AI crawlers understand.

Choosing your policy

  1. Go to Settings → Training
  2. Allow or opt out Leave Allow AI training unticked to opt out (recommended for most sites), or tick it to permit training.
  3. Pick your channels Choose how the decision is published — robots meta tags, an HTTP header, robots.txt crawler blocks, and an /llms.txt file.
  4. Customize llms.txt (Optional) Provide your own llms.txt text, or leave it blank to auto-generate one from your policy.
  5. Save Changes
ChannelWhat it does
Robots meta tagsAdds noai / noimageai signals to your pages' HTML.
HTTP headerSends an X-Robots-Tag header with each page.
robots.txtBlocks known AI crawlers (GPTBot, ClaudeBot, Google-Extended, and more).
llms.txtPublishes a plain-language AI policy file at your-site.com/llms.txt.
Pretty permalinks required for files. The /llms.txt and /robots.txt files need “pretty” permalinks to be active. If they don't load, go to Settings → Permalinks and choose any option other than “Plain”, then save. The meta-tag and HTTP-header signals work regardless.

Activity log

The activity log records AI-related events on your site — API requests, token usage, and whether consent was verified — so you have an audit trail.

Turning it on

  1. Go to Settings → Logging
  2. Enable logging Tick Enable AI activity logging and choose whether to log requests and responses.
  3. Set retention Enter how many days to keep records. Older entries are automatically deleted each day. Enter 0 to keep everything.
  4. Save Changes

Viewing the log

Go to AI Compliance → Activity Log to browse events, filter by type, and Export CSV.

For developers. Other plugins or your theme can add entries with a single line of code:
do_action( 'aicpm_log', 'api_request', array(
    'provider_slug' => 'openai',
    'tokens_total'  => 1200,
) );

Policy page, blocks & shortcodes

Publish a clear, public page explaining your use of AI — generated for you, or built with a block or shortcodes.

The quickest way: auto-generate a page

  1. Go to Reports Open AI Compliance → Reports.
  2. Create the page In the Policy page box, click Create policy page. A draft page is created containing the AI Policy block.
  3. Review & publish Edit the draft to add anything specific to your organization, then publish it. You can now link it from the banner (Settings → Disclosure → Policy page).

Using the block

In the editor, add the AI Policy block (search for “AI Policy”). In the block settings on the right, choose what to display:

  • AI Policy statement — a full, readable policy.
  • Provider list — a table of your active AI providers.
  • Consent preferences — a form where visitors can update their choices.

Using shortcodes

Prefer the Classic Editor or want to place content anywhere? Use these shortcodes:

ShortcodeShows
[aicpm_ai_policy]The full AI policy statement.
[aicpm_provider_list]A table of your active AI providers.
[aicpm_consent_preferences]A consent-preferences form visitors can use anytime.
Add [aicpm_consent_preferences] to your privacy page so visitors can change their AI choices whenever they want — a good practice for transparency.

Reports & exports

Produce compliance reports for your records, management, or an auditor.

  1. Open Reports Go to AI Compliance → Reports.
  2. Choose a dataset Pick Compliance summary, Consent records, or Activity log.
  3. Choose a format PDF (best for the summary), CSV (for spreadsheets), or JSON (for data tools).
  4. Set a date range (Optional) Limit activity and usage data to a period.
  5. Download Click Download report.
FormatBest for
PDFA polished, printable compliance summary to share or file.
CSVOpening records in Excel or Google Sheets.
JSONFeeding data into other systems or tools.

Privacy & GDPR requests

The plugin integrates with WordPress's built-in privacy tools, so consent records are included when you handle data requests.

Exporting a person's data

  1. Go to Tools → Export Personal Data.
  2. Enter the person's email and send/confirm the request.
  3. The download includes an “AI Consent Records” section with their consent history.

Erasing a person's data

  1. Go to Tools → Erase Personal Data.
  2. Enter the person's email and confirm.
  3. Their AI consent records and activity-log entries are removed.
The plugin also suggests text for your site's Privacy Policy (Settings → Privacy) explaining what AI-related data you collect.

Settings reference

A quick map of every settings tab under AI Compliance → Settings.

TabControls
DisclosureEnable the banner, message, button labels, position, colours, linked policy page, and where/who it shows to.
ConsentRequire explicit opt-in, policy version (used to re-prompt), and how long a consent choice is remembered.
TrainingAllow or opt out of AI training, and which channels publish the decision. Custom llms.txt text.
LoggingEnable activity logging, log requests/responses, store a hashed IP, and retention period.
ReportingYour organization name and data-protection contact email, used in reports and the policy.

FAQ & troubleshooting

The banner isn't appearing

  • Check Settings → Disclosure → Enable banner is ticked.
  • You may have already accepted or dismissed it — test in a new incognito window.
  • Check the “Display conditions” aren't limiting it to pages you're not viewing.

“Save preferences” doesn't work / I see a console error

This usually points to a server that isn't routing “pretty” URLs. The plugin automatically works around it, but if you want the cleanest setup, enable pretty permalinks under Settings → Permalinks (choose any option other than “Plain”).

My /llms.txt page shows “Not Found”

That file needs pretty permalinks. Go to Settings → Permalinks, choose Post name, and save. Then reload your-site.com/llms.txt.

Will visitors be asked for consent repeatedly?

No. Once a visitor chooses, their decision is remembered for the number of days set on the Consent tab. They'll only be re-asked if you increase the Policy version.

Does the plugin slow down my site?

No. It loads a small stylesheet and script only where needed, and stores data in dedicated, indexed database tables.

What happens if I deactivate or delete the plugin?

Deactivating keeps all your data and settings. Deleting the plugin removes its data (tables, settings, and the manage capability) so nothing is left behind.

Glossary

ConsentA visitor's recorded permission (or refusal) for a specific type of AI processing.
DisclosureThe act of informing visitors that your site uses AI — shown via the banner.
ProviderAn AI vendor or service your site uses, e.g. OpenAI or Anthropic.
TrainingUsing content or interactions to teach/improve an AI model.
llms.txtA plain-text file that tells AI systems your usage policy, similar to robots.txt.
RetentionHow long records are kept before being automatically deleted.
DPAData Processing Agreement — a contract governing how a vendor handles personal data.
DPOData Protection Officer — the contact for privacy matters.