BIG-FLYTX by MAS

Description

BIG-FLYTX by MAS captures first-party visitor, customer, lead, ecommerce, and conversion events, stores them in plugin-owned database tables, pushes events to dataLayer, and can send mapped events to enabled browser/server destinations.

Supported destination families include Meta/Facebook/Instagram, Google/GA4/GTM/Google Ads/YouTube, Microsoft/Bing UET, TikTok/Telegram, LinkedIn, Pinterest, Snapchat, X/Twitter, Reddit, Quora, and custom server relays.

The plugin uses normalized internal event names and maps them to destination-specific event names for Meta, GA4, TikTok and other ad/social platforms.

By default, the plugin is installed in paused mode. A site administrator must review the disclosures, explicitly authorize tracking, enable BIG-FLYTX, and enable each desired destination. No visitor event is collected or transmitted merely by installing or activating the plugin.

Data Collection & Privacy

The plugin is paused after activation and does not collect or transmit visitor events until a site administrator enables it.

Tracking starts only after an administrator gives explicit opt-in authorization in BIG-FLYTX settings and enables the plugin. The administrator can choose Site-owner managed mode, where the site owner handles required visitor notices or consent through the site’s own policy/CMP, or Strict visitor gate mode, where BIG-FLYTX also waits for a bftx_consent=granted cookie or the documented bftx_mas_tracking_consent_granted filter. BIG-FLYTX does not display its own consent banner.

When consent has been granted, the plugin can collect visitor IDs, URLs, referrers, UTM parameters, advertising click IDs, browser/user-agent hashes, IP-address hashes, ecommerce event data, product/order data, and safe lead/customer fields such as name, email, and phone when those fields are supplied through forms or commerce transactions.

Raw personally identifiable information storage is disabled by default. Site owners can enable raw name/email/phone storage only when their privacy policy and consent process permit it. Hashes may be stored for matching and deduplication.

The plugin includes explicit administrator opt-in, an optional strict visitor-consent gate, Do Not Track support, raw-PII controls, administrator masking, configurable retention, delivery-log retention, WordPress personal-data export/erase support, and optional uninstall deletion.

External Services

No third-party service is contacted merely by installing or activating the plugin. A service is contacted only when all of the following are true: the administrator explicitly authorizes the disclosed tracking, enables BIG-FLYTX, enables the relevant integration and delivery mode, and configures the required IDs or credentials. If Strict visitor gate mode is selected, visitor consent must also be received before collection or transmission.

Depending on the enabled integration, the plugin may load the provider’s browser script or send a server-side conversion request. Data can include event name, event ID, timestamp, page URL, referrer, UTM values, advertising click IDs, product/order identifiers, items, value, currency, and hashed user identifiers. IP address and user agent can be sent where required by a configured conversions API. API credentials are supplied by the site administrator and are not printed into frontend JavaScript.

Meta / Facebook / Instagram

Used for Meta Pixel and the Meta Conversions API. Browser scripts are loaded from connect.facebook.net; server events are sent to graph.facebook.com only when configured.
Terms: https://www.facebook.com/legal/terms
Privacy: https://www.facebook.com/privacy/policy/

Google Analytics, Google Ads, Google Tag Manager, and YouTube-related measurement

Used for GA4/Google Ads browser measurement, Google Tag Manager, and GA4 Measurement Protocol. Browser scripts are loaded from googletagmanager.com; configured server events are sent to google-analytics.com.
Terms: https://policies.google.com/terms
Privacy: https://policies.google.com/privacy

Microsoft Advertising / Bing UET

Used for Microsoft UET browser measurement and an optional administrator-configured server endpoint. The browser script is loaded from bat.bing.com.
Terms: https://www.microsoft.com/servicesagreement
Privacy: https://privacy.microsoft.com/privacystatement

TikTok

Used for TikTok Pixel and TikTok Events API. Browser scripts are loaded from analytics.tiktok.com; configured server events are sent to business-api.tiktok.com.
Terms: https://www.tiktok.com/legal/terms-of-service
Privacy: https://www.tiktok.com/legal/privacy-policy

LinkedIn

Used for LinkedIn Insight Tag and an optional administrator-configured conversions endpoint. The browser script is loaded from snap.licdn.com.
Terms: https://www.linkedin.com/legal/user-agreement
Privacy: https://www.linkedin.com/legal/privacy-policy

Pinterest

Used for Pinterest Tag and Pinterest Conversions API. Browser scripts are loaded from s.pinimg.com; configured server events are sent to api.pinterest.com.
Terms: https://policy.pinterest.com/terms-of-service
Privacy: https://policy.pinterest.com/privacy-policy

Snapchat

Used for Snap Pixel and the Snapchat Conversions API. Browser scripts are loaded from sc-static.net; configured server events are sent to tr.snapchat.com.
Terms: https://www.snap.com/terms
Privacy: https://values.snap.com/privacy/privacy-policy

X / Twitter

Used for the X advertising pixel and an optional administrator-configured server endpoint. The browser script is loaded from static.ads-twitter.com.
Terms: https://x.com/en/tos
Privacy: https://x.com/en/privacy

Reddit

Used for Reddit Pixel and Reddit Conversions API. Browser scripts are loaded from redditstatic.com; configured server events are sent to ads-api.reddit.com.
Terms: https://redditinc.com/policies/user-agreement
Privacy: https://www.reddit.com/policies/privacy-policy

Quora

Used for Quora Pixel browser measurement. The browser script is loaded from a.quora.com.
Terms: https://www.quora.com/about/tos
Privacy: https://www.quora.com/about/privacy

Telegram and custom endpoints

The plugin can send an event to a URL entered by the administrator for Telegram, Microsoft, LinkedIn, X, licensing, or a general custom relay. BIG-FLYTX does not provide or hardcode a default vendor-operated endpoint for these options. The site owner chooses the endpoint and is responsible for documenting that endpoint’s provider, terms, privacy policy, and transmitted data to site visitors before enabling it.

Authenticated REST webhook requests always require the configured webhook secret (or an authenticated administrator when no secret is configured) and administrator tracking authorization. When Strict visitor gate mode is selected, the request must also include X-BIG-FLYTX-Consent: granted or a consent_granted value of true, yes, 1, or granted.

Source Code and Build Information

All plugin PHP, CSS, and JavaScript is provided in human-readable form. assets/js/frontend.js is not obfuscated and does not require a build process. A matching source counterpart is included at assets/js/src/frontend.js with build notes in assets/js/src/README.txt. The distributed and source files are intentionally identical. No npm, webpack, transpiler, minifier, or proprietary build tool is required.

Third-party provider scripts are not bundled in the plugin; they are loaded from the providers listed above only after explicit administrator authorization and configuration, and after visitor consent when Strict visitor gate mode is selected.

Screenshots

Installation

  1. Upload the plugin ZIP through Plugins > Add New > Upload Plugin.
  2. Activate BIG-FLYTX by MAS.
  3. Go to BIG-FLYTX > Settings.
  4. Review Privacy, Compliance & Data Retention settings.
  5. Enable only the tracking sources you need.
  6. Add Pixel IDs, Measurement IDs, API tokens, and endpoint details where required.
  7. Test events before using the plugin on a production client site.

FAQ

What tracking mode should I use?

Use Full Tracking when no other tracking plugin controls pixels. Use dataLayer Only when Google Tag Manager controls tags. Use Server Only when browser pixels are already installed elsewhere but BIG-FLYTX should send server events. Use Monitor Only for safe testing and event database logging without sending to ad platforms.

Does it send server-side events automatically?

No. Server-side events are sent only when Global Server Tracking and the specific destination server toggle are enabled and credentials are configured. Otherwise the plugin uses browser/dataLayer tracking only.

Does it track immediately after activation?

No. The plugin is paused by default. A site administrator must enable it from the settings screen.

Does it edit theme or plugin files?

No. It uses WordPress hooks, WooCommerce hooks, browser detection, REST endpoints, and plugin-owned database tables.

Does it store personal data?

It can store name, email and phone when forms or orders provide them, but raw PII storage is disabled by default. Site owners can enable raw storage or keep hashed values only where possible.

Does it require a BIG-FLYTX consent cookie?

Not in Site-owner managed mode. In that mode, the administrator explicitly authorizes the plugin and manages any required visitor notice or consent through the website’s own privacy process or CMP. Strict visitor gate mode is also available and waits for bftx_consent=granted or the bftx_mas_tracking_consent_granted filter.

Does uninstall delete data?

Only if you enable “Delete BIG-FLYTX Tables on Uninstall” before uninstalling.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“BIG-FLYTX by MAS” is open source software. The following people have contributed to this plugin.

Contributors

Translate “BIG-FLYTX by MAS” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.20

  • Replaced the mandatory plugin-specific visitor cookie with explicit administrator opt-in authorization.
  • Added two visitor-consent modes: site-owner managed and optional strict cookie/filter gating.
  • Kept all tracking paused by default and blocked external delivery until the administrator accepts the data-sharing disclosure.
  • Updated REST authorization and privacy documentation to follow the selected consent mode.

1.0.19

  • Made explicit visitor consent mandatory for every tracking mode.
  • Replaced raw PHP-rendered script tags with WordPress script registration, enqueue, localization, and inline-script APIs.
  • Restricted the REST health endpoint to administrators with the manage_options capability.
  • Added complete external-service disclosures with data-use, terms, and privacy links.
  • Added a human-readable JavaScript source counterpart and documented the no-build source process.

1.0.18

  • Final live-data stability pass for CRM/customer import.
  • Live Data Sync can enable raw CRM fields and optionally rebuild BIG-FLYTX Customers/Leads before reimport.
  • Dashboard Purchases and Revenue now include synced historical WooCommerce customer totals, not only newly tracked Purchase events.
  • Customer LTV and event values are formatted to two decimal places in admin tables.
  • Customer upsert now preserves existing CRM fields and avoids overwriting raw name/email/phone with blank data.
  • WooCommerce customer aggregation now uses WooCommerce order APIs for better HPOS/custom order table compatibility.

1.0.15

  • Added WooCommerce total-value payload improvements for orders and carts, including order total, subtotal, discounts, coupon codes, tax, shipping, shipping tax, fees and additional charges.
  • Added cleaner production event controls for low-value browser events, scroll events, generic button clicks, FormStart, and browser Lead fallback.
  • Throttled SessionStart and Search browser detection to reduce live-site noise from repeated page loads or search forms.
  • Reduced false Lead events from checkout/search/builder forms and stopped generic builder/theme clicks unless low-value event tracking is enabled.
  • Kept WooCommerce AddToCart/RemoveFromCart improvements from v1.0.13.

1.0.12

  • Added a Duplicate Event Check admin page to show exact duplicate IDs, repeated order events, browser Purchase fallback issues, rapid repeated events, and noisy Search/Scroll/FormStart/ClickButton patterns.
  • Added Duplicate Check quick link in Tools and a sidebar submenu for easier QA before enabling production ad delivery.

1.0.11

  • Added Tracking Mode options: Full Tracking, dataLayer Only, Server Only, and Monitor Only.
  • Added safer duplicate-tracking detection and recommendations for sites already using GTM, Site Kit, PixelYourSite, Facebook for WooCommerce, TikTok, Pinterest, Bing/Microsoft, or header-script tracking plugins.
  • Updated settings, dashboard, Health Check, and frontend delivery logic to respect the selected tracking mode.

1.0.6

  • Improved settings UI with user-friendly tabs for core tracking, privacy, event mapping, Meta, Google/Bing, social sources, commerce, forms/builders, themes, server/license and tools.
  • Added an enqueued admin JavaScript file for tab switching and improved admin CSS layout.

1.0.5

  • Fixed Plugin Check output escaping error in Meta Pixel initialization.
  • Added a version parameter to the Google gtag enqueue call.

1.0.4

  • Fixed SQL identifier handling, privacy queries, uninstall cleanup, export handling, script enqueue handling, and readme tags for Plugin Check review.

1.0.3

  • Improved CSV export SQL handling by using WordPress identifier placeholders for plugin-owned table names.
  • Bumped minimum WordPress version to 6.2 for safe identifier placeholder support.

1.0.2

  • Updated WordPress.org submission metadata and Tested up to value.
  • Changed default activation posture to paused until the administrator enables tracking.
  • Changed raw PII storage default to disabled.
  • Improved privacy and external service disclosures in readme.txt.
  • Improved small sanitization/escaping details around admin notices and CSV export filenames.

1.0.0

  • Added GPL/readme/uninstall/privacy hardening.
  • Added privacy-policy disclosure content.
  • Added WordPress personal-data exporter and eraser support.
  • Added consent-gating and Do Not Track settings.
  • Added raw PII storage toggle and admin PII masking.
  • Added retention cleanup cron for events/visitors/deliveries.
  • Added safer uninstall routine controlled by plugin setting.

0.9.0

  • Added standard/recommended event mappings for LinkedIn, Pinterest, Snapchat, X/Twitter, Reddit, Quora and Microsoft/Bing.

0.8.0

  • Added GA4 and TikTok event libraries and normalized event mapping.