AI Compliance & Privacy Manager
Everything you need to inform visitors about your use of AI, capture their consent, document your AI vendors, and produce compliance reports — no coding required.
What is this plugin?
This plugin helps your website meet privacy and AI-related regulations (such as the GDPR and emerging AI rules). It gives your visitors clear information and control over how artificial intelligence is used, and gives you the records to prove it.
Think of it like a cookie-consent tool, but focused on AI. It handles six things:
Disclosure banner
A customizable notice telling visitors your site uses AI.
Consent
Visitors choose what AI processing they allow — every choice is logged.
Provider registry
Document each AI vendor you use and how they handle data.
Training controls
Declare whether AI crawlers may use your content for training.
Activity log
A record of AI requests, token usage and consent checks.
Reports
Export compliance summaries as PDF, CSV or JSON.
Installation & activation
- Add the plugin Copy the aicpm folder into wp-content/plugins/, or upload the ZIP under Plugins → Add New → Upload Plugin.
- Activate it Go to Plugins, find “AI Compliance & Privacy Manager”, and click Activate. On a multisite network you can Network Activate to enable it on every site.
- Open the settings A new AI Compliance item appears in the sidebar. Click it, or use the Settings link on the Plugins screen.
- Configure the basics Set your banner message, add your AI providers, and set your data-protection contact email (see the sections below).
Requirements
- WordPress 6.5 or higher
- PHP 8.1 or higher
- Works on single sites and multisite networks
The dashboard
The first screen under AI Compliance is your dashboard. It gives you an at-a-glance view of your compliance posture.
What you'll see
- Metric cards — consents granted, consents denied, registered providers, and logged AI events.
- Compliance checklist — each item shows an OK or Review badge so you know what still needs attention.
- Quick links — jump straight to Settings, Providers, or Reports.
Consent & the consent log
Visitors can control four categories of AI processing. Each is opt-in by default (nothing is allowed until the visitor agrees).
| Consent type | What it covers |
|---|---|
| AI Personalization | Tailoring content and experiences based on the visitor's activity. |
| AI Recommendation Engines | Generating product or content recommendations. |
| AI Chatbot Interactions | Interacting with AI-powered chat assistants on your site. |
| AI Training Permissions | Using the visitor's interactions to train or improve AI models. |
Reviewing recorded consent
- Open the Consent Log Go to AI Compliance → Consent Log.
- Read the records Each row shows the consent type, whether it was Granted or Denied, the visitor (a logged-in username or “Guest”), the source, the policy version, and the exact time (UTC).
- Filter Narrow the list by consent type or status.
- Export Click Export CSV to download the records for your files or an auditor.
AI providers
Keep a register of every AI vendor your site relies on (for example OpenAI, Anthropic, or Google Gemini). This documentation is a common compliance requirement.
Adding a provider
- Open the Providers screen Go to AI Compliance → AI Providers.
- Fill in the form On the right, enter the provider's name. Start typing to pick from well-known vendors, or type your own.
- Describe the processing Choose a category and record the purpose, the data processed, the retention period, and the data location.
- Add reference links Paste the provider's privacy-policy URL and data-processing-agreement (DPA) URL if you have them.
- Save Keep Active ticked and click Add provider.
Editing or removing
Use the Edit link on any row to update its details, or Delete to remove a provider you no longer use. Active providers are listed automatically on your public policy page.
AI training controls
Decide whether AI companies may use your website's content to train their models — and publish that decision in the formats AI crawlers understand.
Choosing your policy
- Go to Settings → Training
- Allow or opt out Leave Allow AI training unticked to opt out (recommended for most sites), or tick it to permit training.
- Pick your channels Choose how the decision is published — robots meta tags, an HTTP header, robots.txt crawler blocks, and an
/llms.txtfile. - Customize llms.txt (Optional) Provide your own
llms.txttext, or leave it blank to auto-generate one from your policy. - Save Changes
| Channel | What it does |
|---|---|
| Robots meta tags | Adds noai / noimageai signals to your pages' HTML. |
| HTTP header | Sends an X-Robots-Tag header with each page. |
| robots.txt | Blocks known AI crawlers (GPTBot, ClaudeBot, Google-Extended, and more). |
| llms.txt | Publishes a plain-language AI policy file at your-site.com/llms.txt. |
/llms.txt and /robots.txt files need “pretty” permalinks to be active. If they don't load, go to Settings → Permalinks and choose any option other than “Plain”, then save. The meta-tag and HTTP-header signals work regardless.Activity log
The activity log records AI-related events on your site — API requests, token usage, and whether consent was verified — so you have an audit trail.
Turning it on
- Go to Settings → Logging
- Enable logging Tick Enable AI activity logging and choose whether to log requests and responses.
- Set retention Enter how many days to keep records. Older entries are automatically deleted each day. Enter
0to keep everything. - Save Changes
Viewing the log
Go to AI Compliance → Activity Log to browse events, filter by type, and Export CSV.
do_action( 'aicpm_log', 'api_request', array(
'provider_slug' => 'openai',
'tokens_total' => 1200,
) );
Policy page, blocks & shortcodes
Publish a clear, public page explaining your use of AI — generated for you, or built with a block or shortcodes.
The quickest way: auto-generate a page
- Go to Reports Open AI Compliance → Reports.
- Create the page In the Policy page box, click Create policy page. A draft page is created containing the AI Policy block.
- Review & publish Edit the draft to add anything specific to your organization, then publish it. You can now link it from the banner (Settings → Disclosure → Policy page).
Using the block
In the editor, add the AI Policy block (search for “AI Policy”). In the block settings on the right, choose what to display:
- AI Policy statement — a full, readable policy.
- Provider list — a table of your active AI providers.
- Consent preferences — a form where visitors can update their choices.
Using shortcodes
Prefer the Classic Editor or want to place content anywhere? Use these shortcodes:
| Shortcode | Shows |
|---|---|
[aicpm_ai_policy] | The full AI policy statement. |
[aicpm_provider_list] | A table of your active AI providers. |
[aicpm_consent_preferences] | A consent-preferences form visitors can use anytime. |
[aicpm_consent_preferences] to your privacy page so visitors can change their AI choices whenever they want — a good practice for transparency.Reports & exports
Produce compliance reports for your records, management, or an auditor.
- Open Reports Go to AI Compliance → Reports.
- Choose a dataset Pick Compliance summary, Consent records, or Activity log.
- Choose a format PDF (best for the summary), CSV (for spreadsheets), or JSON (for data tools).
- Set a date range (Optional) Limit activity and usage data to a period.
- Download Click Download report.
| Format | Best for |
|---|---|
| A polished, printable compliance summary to share or file. | |
| CSV | Opening records in Excel or Google Sheets. |
| JSON | Feeding data into other systems or tools. |
Privacy & GDPR requests
The plugin integrates with WordPress's built-in privacy tools, so consent records are included when you handle data requests.
Exporting a person's data
- Go to Tools → Export Personal Data.
- Enter the person's email and send/confirm the request.
- The download includes an “AI Consent Records” section with their consent history.
Erasing a person's data
- Go to Tools → Erase Personal Data.
- Enter the person's email and confirm.
- Their AI consent records and activity-log entries are removed.
Settings reference
A quick map of every settings tab under AI Compliance → Settings.
| Tab | Controls |
|---|---|
| Disclosure | Enable the banner, message, button labels, position, colours, linked policy page, and where/who it shows to. |
| Consent | Require explicit opt-in, policy version (used to re-prompt), and how long a consent choice is remembered. |
| Training | Allow or opt out of AI training, and which channels publish the decision. Custom llms.txt text. |
| Logging | Enable activity logging, log requests/responses, store a hashed IP, and retention period. |
| Reporting | Your organization name and data-protection contact email, used in reports and the policy. |
FAQ & troubleshooting
The banner isn't appearing
- Check Settings → Disclosure → Enable banner is ticked.
- You may have already accepted or dismissed it — test in a new incognito window.
- Check the “Display conditions” aren't limiting it to pages you're not viewing.
“Save preferences” doesn't work / I see a console error
This usually points to a server that isn't routing “pretty” URLs. The plugin automatically works around it, but if you want the cleanest setup, enable pretty permalinks under Settings → Permalinks (choose any option other than “Plain”).
My /llms.txt page shows “Not Found”
That file needs pretty permalinks. Go to Settings → Permalinks, choose Post name, and save. Then reload your-site.com/llms.txt.
Will visitors be asked for consent repeatedly?
No. Once a visitor chooses, their decision is remembered for the number of days set on the Consent tab. They'll only be re-asked if you increase the Policy version.
Does the plugin slow down my site?
No. It loads a small stylesheet and script only where needed, and stores data in dedicated, indexed database tables.
What happens if I deactivate or delete the plugin?
Deactivating keeps all your data and settings. Deleting the plugin removes its data (tables, settings, and the manage capability) so nothing is left behind.
Glossary
| Consent | A visitor's recorded permission (or refusal) for a specific type of AI processing. |
| Disclosure | The act of informing visitors that your site uses AI — shown via the banner. |
| Provider | An AI vendor or service your site uses, e.g. OpenAI or Anthropic. |
| Training | Using content or interactions to teach/improve an AI model. |
| llms.txt | A plain-text file that tells AI systems your usage policy, similar to robots.txt. |
| Retention | How long records are kept before being automatically deleted. |
| DPA | Data Processing Agreement — a contract governing how a vendor handles personal data. |
| DPO | Data Protection Officer — the contact for privacy matters. |