ppl / module-tracking
Privacy-first behavioural tracking, consent management and EU/DE data-subject-rights tooling. Requires Ppl_Hub and remains independent of search and filter modules.
PPL Tracking & Privacy for Magento 2
PPL Tracking adds privacy-first behavioural tracking, GDPR/DSGVO consent management and EU/DE data-subject-rights tooling. It records search, click and purchase signals, aggregates them on a schedule, and exposes the result to other PPL modules through neutral Hub events — without a hard dependency on any search or filter module.
What It Adds
- Consent-gated browser behavioural collector (search executions, result impressions, clicks) with fixed-window rate limiting and event de-duplication
- Server-side purchase and return signals from
sales_order_place_afterandsales_order_creditmemo_save_after - Scheduled behaviour, query and query/product aggregation with a daily raw-event purge
- GDPR/DSGVO consent capture, append-only consent audit, Do-Not-Track handling and configurable PII redaction
- Data-subject-rights CLI tooling for export and erasure
- Neutral behaviour, product and zero-result signal provider events for optional consumers (e.g. Search Intelligence)
Requirements And Dependencies
- PHP: >=8.1
- Magento packages: magento/framework, magento/module-backend, magento/module-config, magento/module-cookie, magento/module-customer, magento/module-cron, magento/module-sales, magento/module-store
- PPL packages: ppl/module-hub
Installation
Install the required PPL packages in dependency order. Composer will skip packages that are already installed:
composer require ppl/module-hub ppl/module-tracking
bin/magento module:enable Ppl_Hub Ppl_Tracking
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento cache:flush
Manual app/code installation: copy the dependency modules and this module into app/code/Ppl in this order: Ppl/Hub -> Ppl/Tracking. Then run the same Magento commands starting with bin/magento module:enable.
First Use
- Open the admin configuration and enable behavioural tracking.
- Decide the consent policy: whether to require consent before tracking and whether to store the customer ID. The browser Do-Not-Track header is always honoured.
- Set the analytics privacy options (query PII redaction, maximum query length) and the raw-event retention window.
- Let the aggregation cron run before judging analytics output.
Admin entry: PPL Hub > Tracking & Privacy.
Configuration
Configuration is available under PPL Hub > Tracking & Privacy (Stores > Configuration > PPL > Tracking & Privacy):
- General — enable behavioural tracking.
- Consent (GDPR / DSGVO) — require consent before tracking; the browser Do-Not-Track header is always honoured.
- Privacy — store customer ID, redact PII from query analytics, maximum query length kept for analytics.
- Retention — raw event retention in days; older raw events are purged by cron.
Command Line
bin/magento ppl:tracking:gdpr:export— export the stored data for a data subject.bin/magento ppl:tracking:gdpr:erase— erase the stored data for a data subject and rebuild affected aggregates.
Scheduled Tasks
ppl_tracking_aggregate_behavior— aggregates raw events into behaviour, query and query/product statistics (every 30 minutes).ppl_tracking_purge_raw_events— purges raw events older than the configured retention window (daily).
Privacy And Data Subject Rights
- Tracking is consent-gated and can be configured to require explicit consent, and always honours the browser Do-Not-Track header.
- Consent decisions are recorded in an append-only consent audit trail.
- Query analytics can redact PII and cap the stored query length.
- Export and erasure are available through the data-subject-rights CLI commands; raw events are deleted and the affected aggregates are rebuilt from the remaining data.
Integrations And Boundaries
- Provides neutral behaviour, product and zero-result signals to optional consumers through the
ppl_behavior_signals_collect,ppl_product_search_signals_collectandppl_zero_result_queries_collectevents. Consumers such as Ppl_SearchIntelligence can use these signals, but Tracking does not depend on them. - Remains independent of PPL search and filter modules; it requires only Ppl_Hub for the shared admin navigation.
- Stable: run the documented PPL release gates (setup:upgrade, di:compile, PHPUnit, SCD, production mode) in your environment before publishing this package.
Localization
The package includes translation CSV files for 12 locales: de_DE, en_US, es_ES, fr_FR, it_IT, ja_JP, nl_NL, pl_PL, pt_BR, ru_RU, tr_TR, zh_CN.
Customer Documentation
Customer-facing User Guides and Marketplace Long Descriptions are maintained outside the Magento module package in the repository-level docs/user_guides and docs/long_descriptions folders. The module package itself intentionally keeps only this technical README plus developer-relevant files.
Support
Support contact: [email protected]. Include the module version, Magento version, enabled PPL companion modules, and the relevant admin or storefront screenshot when reporting an issue.
Changelog
1.2.0
- Initial release.
- Added standalone
Ppl_Trackingmodule for privacy-first behavioral tracking, consent management and data-subject-rights tooling. - Added the consent-gated browser collector with fixed-window rate limiting and event de-duplication.
- Added server-side purchase and return signals from Magento sales events.
- Added scheduled behavior, query and query/product aggregation and a daily raw-event purge.
- Added GDPR/DSGVO consent capture, append-only consent audit, Do-Not-Track handling and configurable query PII redaction and retention.
- Added the
ppl:tracking:gdpr:exportandppl:tracking:gdpr:eraseCLI commands. - Added neutral behavior, product and zero-result signal provider events for optional consumers, without a hard dependency on search or filter modules.
- Added the PPL Hub admin page
PPL Hub > Tracking & Privacyand translation CSV files for 12 locales.
Requires 15
| Package | Constraint |
|---|---|
| ext-hash | * |
| ext-mbstring | * |
| magento/framework | >=103.0.7 <104.0.0 |
| magento/module-backend | >=102.0.0 <103.0.0 |
| magento/module-catalog | >=104.0.0 <105.0.0 |
| magento/module-config | >=101.2.0 <102.0.0 |
| magento/module-cookie | >=100.4.0 <101.0.0 |
| magento/module-cron | >=100.4.0 <101.0.0 |
| magento/module-customer | >=103.0.0 <104.0.0 |
| magento/module-sales | >=103.0.0 <104.0.0 |
| magento/module-store | >=101.1.0 <102.0.0 |
| php | >=8.1 |
| ppl/module-hub | ^1.2 |
| psr/log | ^1.0 || ^2.0 || ^3.0 |
| symfony/console | ^6.4 || ^7.0 |
Compatibility
Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.
Code Quality
Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge. A phpcs finding can't make a module incompatible.
Static analysis
Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.
PHPStan
Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases.
Tests
Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.
Unit tests
Integration tests
| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | ||
| 2.4.8 | N/A | N/A | ||
| 2.4.9 | N/A | N/A |
Security
Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.
More from Pawel Pliousnin Digital Solutions
View vendorFoundation and anchor infrastructure for modular PPL admin reports; individual PPL report modules provide the actual reports.
Admin action board for Magento 2 that turns shop and PPL report signals into severity-scored task cards.
Standalone PPL Tracking & Privacy HV storefront package for Magento 2, compatible with Hyvä-based storefronts, with consent-aware behavioural tracking and data-subject tooling.
Standalone PPL Search Intelligence HV storefront package for Magento 2, compatible with Hyvä-based storefronts, with canonical search results, query understanding, explainable ranking, overlay search UI and optional Discovery Filters HV integration.
Turn an existing module into recurring revenue.
If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.