ppl / module-tracking-hv

ppl/module-tracking-hv

Standalone PPL Tracking & Privacy HV storefront package for Magento 2, compatible with Hyvä-based storefronts, with consent-aware behavioural tracking and data-subject tooling.

  • Pawel Pliousnin
magento2-module Compatibility: 2.4.7-2.4.9 Code Quality: Warning Tests: N/A Security: Pass proprietary

PPL Tracking & Privacy for Magento 2

PPL Tracking adds privacy-first behavioural tracking, GDPR/DSGVO consent management and EU/DE data-subject-rights tooling. It records search, click and purchase signals, aggregates them on a schedule, and exposes the result to other PPL modules through neutral Hub events — without a hard dependency on any search or filter module.

What It Adds

  • Consent-gated browser behavioural collector (search executions, result impressions, clicks) with fixed-window rate limiting and event de-duplication
  • Server-side purchase and return signals from sales_order_place_after and sales_order_creditmemo_save_after
  • Scheduled behaviour, query and query/product aggregation with a daily raw-event purge
  • GDPR/DSGVO consent capture, append-only consent audit, Do-Not-Track handling and configurable PII redaction
  • Data-subject-rights CLI tooling for export and erasure
  • Neutral behaviour, product and zero-result signal provider events for optional consumers (e.g. Search Intelligence)

Requirements And Dependencies

  • PHP: >=8.1
  • Magento packages: magento/framework, magento/module-backend, magento/module-config, magento/module-cookie, magento/module-customer, magento/module-cron, magento/module-sales, magento/module-store
  • PPL packages: ppl/module-hub

Installation

Install the required PPL packages in dependency order. Composer will skip packages that are already installed:

composer require ppl/module-hub ppl/module-tracking-hv
bin/magento module:enable Ppl_Hub Ppl_TrackingHV
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento cache:flush

Manual app/code installation: copy the dependency modules and this module into app/code/Ppl in this order: Ppl/Hub -> Ppl/Tracking. Then run the same Magento commands starting with bin/magento module:enable.

First Use

  • Open the admin configuration and enable behavioural tracking.
  • Decide the consent policy: whether to require consent before tracking and whether to store the customer ID. The browser Do-Not-Track header is always honoured.
  • Set the analytics privacy options (query PII redaction, maximum query length) and the raw-event retention window.
  • Let the aggregation cron run before judging analytics output.

Admin entry: PPL Hub > Tracking & Privacy.

Configuration

Configuration is available under PPL Hub > Tracking & Privacy (Stores > Configuration > PPL > Tracking & Privacy):

  • General — enable behavioural tracking.
  • Consent (GDPR / DSGVO) — require consent before tracking; the browser Do-Not-Track header is always honoured.
  • Privacy — store customer ID, redact PII from query analytics, maximum query length kept for analytics.
  • Retention — raw event retention in days; older raw events are purged by cron.

Command Line

  • bin/magento ppl:tracking:gdpr:export — export the stored data for a data subject.
  • bin/magento ppl:tracking:gdpr:erase — erase the stored data for a data subject and rebuild affected aggregates.

Scheduled Tasks

  • ppl_tracking_aggregate_behavior — aggregates raw events into behaviour, query and query/product statistics (every 30 minutes).
  • ppl_tracking_purge_raw_events — purges raw events older than the configured retention window (daily).

Privacy And Data Subject Rights

  • Tracking is consent-gated and can be configured to require explicit consent, and always honours the browser Do-Not-Track header.
  • Consent decisions are recorded in an append-only consent audit trail.
  • Query analytics can redact PII and cap the stored query length.
  • Export and erasure are available through the data-subject-rights CLI commands; raw events are deleted and the affected aggregates are rebuilt from the remaining data.

Integrations And Boundaries

  • Provides neutral behaviour, product and zero-result signals to optional consumers through the ppl_behavior_signals_collect, ppl_product_search_signals_collect and ppl_zero_result_queries_collect events. Consumers such as Ppl_SearchIntelligenceHV can use these signals, but Tracking does not depend on them.
  • Remains independent of PPL search and filter modules; it requires only Ppl_Hub for the shared admin navigation.
  • Stable: run the documented PPL release gates (setup:upgrade, di:compile, PHPUnit, SCD, production mode) in your environment before publishing this package.

Localization

The package includes translation CSV files for 12 locales: de_DE, en_US, es_ES, fr_FR, it_IT, ja_JP, nl_NL, pl_PL, pt_BR, ru_RU, tr_TR, zh_CN.

Customer Documentation

Customer-facing User Guides and Marketplace Long Descriptions are maintained outside the Magento module package in the repository-level docs/user_guides and docs/long_descriptions folders. The module package itself intentionally keeps only this technical README plus developer-relevant files.

Support

Support contact: [email protected]. Include the module version, Magento version, enabled PPL companion modules, and the relevant admin or storefront screenshot when reporting an issue.

Changelog

1.0.0

  • Added standalone Ppl_TrackingHV module for privacy-first behavioural tracking, consent management and data-subject-rights tooling.
  • Added the consent-gated browser collector with fixed-window rate limiting and event de-duplication.
  • Added server-side purchase and return signals from Magento sales events.
  • Added scheduled behaviour, query and query/product aggregation and a daily raw-event purge.
  • Added GDPR/DSGVO consent capture, append-only consent audit, Do-Not-Track handling and configurable query PII redaction and retention.
  • Added the ppl:tracking:gdpr:export and ppl:tracking:gdpr:erase CLI commands.
  • Added neutral behaviour, product and zero-result signal provider events for optional consumers, without a hard dependency on search or filter modules.
  • Added the PPL Hub admin page PPL Hub > Tracking & Privacy and translation CSV files for 12 locales.
Versions
Version Stability QA Status Compatibility Released
1.2.0 stable Pass Magento 2.4.7-2.4.9 Details 2026-07-08 08:57:54

Requires 15

Package Constraint
ext-hash *
ext-mbstring *
magento/framework >=103.0.7 <104.0.0
magento/module-backend >=102.0.0 <103.0.0
magento/module-catalog >=104.0.0 <105.0.0
magento/module-config >=101.2.0 <102.0.0
magento/module-cookie >=100.4.0 <101.0.0
magento/module-cron >=100.4.0 <101.0.0
magento/module-customer >=103.0.0 <104.0.0
magento/module-sales >=103.0.0 <104.0.0
magento/module-store >=101.1.0 <102.0.0
php >=8.1
ppl/module-hub ^1.2
psr/log ^1.0 || ^2.0 || ^3.0
symfony/console ^6.4 || ^7.0

Conflicts 1

Package Constraint
ppl/module-tracking *

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass Pass

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge. A phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Warning 13 13 warnings (ruleset: Magento2), 2 auto-fixable with phpcbf
PHPMD Warning 45 45 rule violations (MissingImport:30, CyclomaticComplexity:5, NPathComplexity:4, ExcessiveClassComplexity:3, UnusedFormalParameter:3)
Cpd Pass 0
Composer validate Info 1 valid; 1 advisory note (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass Pass

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit N/A 0 no resolvable dependency tree to audit: Your requirements could not be resolved to an installable set of packages. Problem 1
Malware scan Pass 0
License
proprietary
Authors
  • Pawel Pliousnin — Developer

More from Pawel Pliousnin Digital Solutions

View vendor
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.