Add privacy policy content registration

[masteradhoc]

What?

Fixes #868

Adds suggested privacy policy content for the Two Factor plugin via the WordPress Privacy Policy Guide (wp_add_privacy_policy_content).

Why?

WordPress provides a built-in mechanism for plugins to contribute suggested text to a site's privacy policy page. The Two Factor plugin stores personal data (TOTP secret keys, backup codes, enabled provider settings) but has never registered suggested privacy policy text, leaving site administrators without guidance on what to disclose.

How?

• Registers an admin_init action that calls a new static method Two_Factor_Core::add_privacy_policy_content().
• The method calls wp_add_privacy_policy_content() with a suggested block of text covering:
  • What data is stored (TOTP secret key, backup codes, email address usage, enabled providers list)
  • Who data is shared with (no one)
  • How long data is retained (for the lifetime of the user account)
  • What rights users have over their data (export and erasure)

Testing Instructions

1. Activate the Two Factor plugin on a WordPress site.
2. In the WordPress admin, go to Settings → Privacy.
3. Click Check for guide suggestions (or create/open a privacy policy page).
4. Confirm that a "Two Factor" section appears in the Privacy Policy Guide with the suggested text covering the four data categories above.
5. Confirm that the suggested text can be copied into the policy page.
6. Deactivate the plugin and confirm the section no longer appears in the guide.

Screenshots or screencast

Changelog Entry

Added - Register suggested privacy policy content via wp_add_privacy_policy_content so site administrators are guided on disclosing Two Factor authentication data.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: masteradhoc <masteradhoc@git.wordpress.org>
Co-authored-by: jeffpaul <jeffpaul@git.wordpress.org>
Co-authored-by: dknauss <dpknauss@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[jeffpaul]

Functional approach and rationale sounds fine to me, will defer to others on technical review of implementation.

[dknauss]

Looks good to me. The "Two Factor" section appears in the Privacy Policy Guide as expected as soon as the plugin is activated. If it's deactivated/deleted, a notice remains to warn the user that the policy may need to be updated to remove references to Two-Factor. Very nice.

Some potential problems I want to flag:

As worded now, the PR registers privacy policy text that makes three claims that are not aligned with the plugin's current functionality:

• TOTP secret is encrypted. (Unless PR Encrypt TOTP secrets at rest using AES-256-GCM #819 is merged, secrets are currently stored in plaintext as a base32 string.)
• Disabling a method deletes the data. (It doesn't.)
• Users can request export/erasure via WP's built-in tools. (No exporter/eraser registered.)

At a minimum, the claims being made should be softened to match what the code actually does, or else the code needs to do what the policy claims: register privacy exporters/erasers and actually delete provider data on disable.

Because of the policy context, all written claims should be precise and defensible, legally and technically.

[masteradhoc]

Thanks @dknauss, seems correct. I've adjusted the text now. What do you think?

[dknauss]

@masteradhoc it looks fine now. 👍

[dknauss]

@masteradhoc Actually, here are two tiny nitpicky polishing details to note:

• Email/Storage: “Your account email is used to send a one-time passcode when the email provider is active. A hashed copy of the code and its timestamp may be stored temporarily to validate the login.” (Two-Factor does store a hashed token + timestamp temporarily in user meta for validation.)

• Localization: wp_add_privacy_policy_content( 'Two Factor', ... ) could probably use __( 'Two Factor', 'two-factor' ) for consistency.

Neither feels blocking to me.