feat: save Terms text to donation meta for export

[mathetos]

Feature Request

User Story

As a Give admin who uses the Terms and Conditions feature in my Give forms, I want to be able to export my Donations and show that the donor agreed to my terms and have the copy of the terms available as well.

Currently neither the agreement status, nor the Terms text is available in the export at all.

This is helpful for GDPR and Privacy purposes to indicate clearly that the donor, on a certain date, with a certain name and email, with a certain IP address (all of those are already included in the export), agreed to certain terms of their donation (this part is not included).

Visuals

The Yellow options are already present and helpful toward this purpose. The red options are what I'm suggested be added:

Possible Solution

This snippet was created as a workaround, but it's adding an additional hidden textarea to save the Terms to the donation meta.

Ideally, we can grab the form-specific terms in Core without this, by passing it into the payment session dynamically.

We might alternatively want to display this info directly in the Donation Details screen, but that's really optional. The ability to Export with the Donation Export tool is primary.

Related

• Free user request and convo about the snippet: https://wordpress.org/support/topic/gdpr-consent-3/
• Existing GDPR issue #2458

Acceptance Criteria

• [ ] The Terms Agreement status (Yes|No) is saved as Donation meta for exporting
• [ ] The Terms Agreement text is saved as Donation meta for exporting
• [ ] The Terms Agreement text is reflected correctly depending on whether the user has customized it in the form, or using the Global options.
• [ ] All donations with all gateways are not negatively impacted by this update
• [ ] The Export Donations tool works as expected and displays this information correctly in their own unique columns

[kevinwhoffman]

Saving a full copy of the terms as they appeared in the form at the time of donation should provide a record of consent based on my understanding of the GDPR requirements. However this would also mean saving a full copy of the terms as donation meta for every donation. For a large site with many donors and a longer agreement, this may add significant bloat to the database as there would be many duplicate versions of the same terms saved across donations.

Another possibility (probably Give 3.0 territory) is versioning the terms and then saving the version number of the terms that were agreed to at the time of donation, as opposed to saving many duplicate copies. Of course this assumes a master copy of each version of the terms is available for reference, which is something Give does not currently provide.

Based on the requirements for consent, either saving a full copy of the terms or a version reference to the master copy would satisfy the requirements.

What they were told at the time: a master copy of the document or data capture form containing the consent statement in use at that time, along with any separate privacy policy or other privacy information, including version numbers and dates matching the date consent was given. If consent was given orally, your records should include a copy of the script used at that time.

How they consented: for written consent, a copy of the relevant document or data capture form. If consent was given online, your records should include the data submitted as well as a timestamp to link it to the relevant version of the data capture form. If consent was given orally, you should keep a note of this made at the time of the conversation - it doesn’t need to be a full record of the conversation.

[kevinwhoffman]

The dev team reviewed this together. Here is our recommendation going forward:

Temporary Solution

Provide the snippet as a temporary solution for those who need it.

Give 2.x

We do not recommend adding default functionality that will store a full copy of terms for every single donation. While this would satisfy the need to record consent, it would also present the following issues:

• Database bloat (full copy of Terms gets stored for every donation)
• Poor export UX (full copy of Terms on every line of a CSV)
• Difficult to parse which version of Terms a donor agreed to (if the terms are 3 paragraphs and a sentence changes in paragraph 2, it's going to be very difficult to discern that difference when the full terms are exported for every donation)

Give 3.x

In Give 3.0, we should account for versioning of Terms, which would look like this:

• Terms are assigned a version, and when the admin edits those terms, they are prompted to increment the version.
• Each donation stores a version number of the Terms that were agreed to (not a full copy of Terms).
• Exporting donations includes the version number (not a full copy of Terms).
• This version number can be cross-referenced to the actual Terms as they existed at the time of donation.

[mathetos]

That makes sense, but I think the version numbering might have to be essentially something like this:

• Global-Terms-VXXX where "V" means version
• FORM-ID-XXX-VXXX where "V" means version

I also feel like we can auto-increment these version numbers and not have to prompt the user to mess with that. A decision they really don't need to make.

[kevinwhoffman]

I don't think we can programmatically determine when an edit is considered a new version for the purposes of recording consent. If an admin is correcting a typo or whitespace, do you increment the version and save a new copy?

This would create a scenario where several donors agree to the same terms but different versions because of automated versioning. It would also result in a lot more versions saved in the database.

[DevinWalker]

Closing as we've created a Canny feedback here: https://givewp.canny.io/feature-requests/p/gdpr-compliance

[mtrehearn]

@mathetos Hi i am still trying to implement this change. I have used your code from the snippet but I don't seem to be able to get anything like what you have going on. I have added the code to my child theme's functions.php file. Firstly when I attempt to export the data I get this screen:

Then on the exported CSV file I end up having this:

All I want to do is export the wording of the checkbox i.e. "I agree to the terms as stated in the privacy section...." word for word and add it in to a column on its own like this:

Any help would be awesome please.