FAQ
Quick answers to common OpenTrust questions.
Getting started
Is OpenTrust really free?
Yes. GPL-2.0-or-later with no paid tier, no unlock screens, no feature gating, no "pro add-on." The only variable cost is your AI provider bill if you enable the chat, billed directly by the provider, never by us.
Do I have to enable the AI chat?
No. The plugin works as a fully static trust center without ever adding an API key: policies, certifications, subprocessors, data practices, FAQ, contact block. The AI assistant is additive; flip it on when you're ready, flip it off any time.
How long does setup take?
Five minutes for a static trust center: install, set company name and accent colour, add a few policies, visit /trust-center/. Another five if you want the AI chat: pick a provider, paste a key, pick a model, save.
Does it generate PDFs?
Not automatically, and that's intentional. Auto-rendered PDFs from HTML almost always look worse than the source, and most legal teams prefer a hand-crafted master copy anyway. If you want a PDF download next to a policy, upload your authoritative version via the media library and OpenTrust shows the Download button. No PDF, no button.
What's the minimum stack?
PHP 8.1+, WordPress 6.0+. No Composer vendor tree, no build step, no Node dependency. libsodium (bundled with PHP 7.2+) is used for secret encryption. That's the whole stack.
AI chat
What does running the chat actually cost?
Pocket change for most sites. You only pay your AI provider directly for tokens consumed, and the agentic retrieval engine fetches just the documents needed per question instead of dumping the whole corpus on every request. Ballpark, on Anthropic Claude Sonnet at current pricing:
- Quiet (~50 conversations/month): under $3/month.
- Typical (~200 conversations/month): $8 to $15/month.
- Busy (~1000 conversations/month): $40 to $60/month, near the default monthly cap.
Hard ceilings are 500K tokens/day and 10M tokens/month, enforced by reserve-commit-release accounting. Tune them to your appetite. Once a cap is hit, visitors see a graceful "come back later" state, never a surprise bill.
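The reserve-commit-release accounting the caps rely on, as an added PHP sketch that is not OpenTrust's own code; the in-memory counters and the 4,000/1,730 token figures are constructed stand-ins for a real plugin's persistent counters and provider usage report:

```php
<?php
// Added illustration of reserve-commit-release token accounting, not OpenTrust's
// own code. Caps are the FAQ defaults; the in-memory arrays stand in for the
// persistent counters a real plugin keeps (updated with an atomic compare-and-add).
final class TokenBudget
{
    private const DAILY_CAP   = 500_000;
    private const MONTHLY_CAP = 10_000_000;
    private array $used     = [];   // tokens billed, keyed 'd:YYYY-MM-DD' / 'm:YYYY-MM'
    private array $reserved = [];   // tokens held by in-flight requests, not yet billed

    private function windows(): array
    {
        return ['d:' . gmdate('Y-m-d') => self::DAILY_CAP, 'm:' . gmdate('Y-m') => self::MONTHLY_CAP];
    }

    private function adjust(int $reservedDelta, int $usedDelta): void
    {
        foreach (array_keys($this->windows()) as $key) {
            $this->reserved[$key] = ($this->reserved[$key] ?? 0) + $reservedDelta;
            $this->used[$key]     = ($this->used[$key] ?? 0) + $usedDelta;
        }
    }

    /** Reserve an upper-bound estimate BEFORE the provider call. False means "come back later". */
    public function reserve(int $estimate): bool
    {
        foreach ($this->windows() as $key => $cap) {
            // Counting outstanding reservations, not just billed usage, is what keeps the cap hard.
            if (($this->used[$key] ?? 0) + ($this->reserved[$key] ?? 0) + $estimate > $cap) {
                return false;
            }
        }
        $this->adjust($estimate, 0);
        return true;
    }

    /** Provider answered: bill the real usage and hand the unused remainder back. */
    public function commit(int $estimate, int $actual): void
    {
        $this->adjust(-$estimate, $actual);
    }

    /** Provider call failed: drop the reservation so nothing is billed. */
    public function release(int $estimate): void
    {
        $this->adjust(-$estimate, 0);
    }
}

$budget = new TokenBudget();
if (!$budget->reserve(4_000)) {             // 4_000: upper-bound estimate for one question
    exit('Chat is resting until the budget window resets.');
}
$budget->commit(4_000, 1_730);              // 1_730: constructed figure the provider reported;
                                            // had the call failed, release(4_000) instead
```

Because the check in reserve() counts reservations that are still in flight, two simultaneous requests cannot both squeeze under the cap on a stale read once the counters live in storage with an atomic update.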
What stops someone burning through my AI credits?
Three overlapping defences. Token budgets are hard ceilings, not soft hints. Per-IP (60s) and per-session (60min) sliding-window rate limits keep one visitor from flooding the queue. Optional Cloudflare Turnstile gates the first message of every session, with a 1-hour bypass transient so repeat readers are not pestered.
Does the AI stay in sync when I update a policy?
Yes, automatically. The corpus the model sees is cached as a transient and invalidated the moment any OpenTrust post is saved, trashed, restored, or transitions status. Even if nothing changes, the cache expires after 12 hours. There is no "reindex" button to forget.
Which provider should I pick?
Anthropic. It's the only provider where citations are a first-class API feature, with each citation anchored to a specific document and character range. For a trust-center chatbot the citation is the product, so the source-anchoring matters more than anything else. OpenAI and OpenRouter are supported but not recommended; they fall back to inline marker parsing, which can produce citations that look valid in the UI but do not actually map to a passage the model read. See AI Chat / Choose a provider for the full reasoning.
Can I switch providers later?
Yes. Save a new API key for the new provider. The old encrypted key stays in opentrust_provider_keys until you click Forget key, but only the active provider's key is used.
Privacy
Does the plugin phone home?
No. Zero telemetry, zero analytics, zero licence checks. Out of the box, with no API keys configured, the plugin makes zero outbound HTTP calls. The only services it can contact are the ones you opt into (AI providers when you add a chat API key, Cloudflare Turnstile when you enable it), both fully documented in Privacy & Security and constrained by an SSRF host allowlist. Even fonts are bundled locally; nothing leaks to Google Fonts.
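What an SSRF host allowlist around the opt-in calls can look like, as an added PHP example that is not OpenTrust's own code; it assumes it runs inside WordPress (wp_remote_post, WP_Error), and the class name and the two allowlisted hostnames in the usage are assumptions:

```php
<?php
// Added example, not OpenTrust's own code: an outbound-host allowlist wrapped
// around wp_remote_post(). The host list in the usage is an assumption standing
// in for the providers a site has actually opted into.
final class OutboundAllowlist
{
    private array $hosts;   // exact lowercase hostnames; nothing else gets a DNS lookup

    public function __construct(array $hosts)
    {
        $this->hosts = array_map('strtolower', $hosts);
    }

    /** True only for an https URL whose host matches the list exactly. */
    public function permits(string $url): bool
    {
        $p = parse_url($url);
        if ($p === false || empty($p['scheme']) || empty($p['host'])) {
            return false;
        }
        if (strtolower($p['scheme']) !== 'https' || isset($p['user']) || isset($p['pass'])) {
            return false;   // no plaintext, and no "https://allowed.example@evil.test" confusion
        }
        // Exact match, not suffix match: "api.example.com.evil.test" must fail.
        return in_array(strtolower($p['host']), $this->hosts, true);
    }

    /** Guarded POST: returns the wp_remote_post() result, or a WP_Error with no network call. */
    public function post(string $url, array $args)
    {
        if (!$this->permits($url)) {
            return new WP_Error('opentrust_host_blocked', 'Outbound host is not on the allowlist');
        }
        // Do not follow redirects: a 302 from an allowed host to an internal
        // address would otherwise slip past the check above.
        $args['redirection'] = 0;
        return wp_remote_post($url, $args);
    }
}

// Usage with an assumed allowlist of the two services the FAQ names as opt-in.
$http = new OutboundAllowlist(['api.anthropic.com', 'challenges.cloudflare.com']);
$resp = $http->post('https://api.anthropic.com/v1/messages', ['body' => '{}']);
```

Routing every outbound call through the wrapper, rather than a global pre_http_request filter, keeps the allowlist from also blocking WordPress core's own update checks.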
What do chat logs store about visitors?
Structurally, never PII. The wp_opentrust_chat_log table has no columns capable of holding raw IPs, emails, session IDs, user agents, or referers, only short hashed identifiers, the question text (capped at 1000 chars), and aggregate token counts. A 90-day purge runs on wp_cron. The privacy posture is enforced by the schema itself, not by good intentions. Logging can also be disabled entirely.
Are my AI provider keys safe?
Yes. They're encrypted at rest with libsodium secretbox using a key derived from wp_salt('auth'). Rotating AUTH_KEY invalidates every stored secret atomically: a database leak alone does not leak your keys. After an AUTH_KEY rotation you re-enter the keys once and you're back.
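How secretbox sealing under a salt-derived key behaves across an AUTH_KEY rotation, as an added PHP example that is not OpenTrust's own code; the BLAKE2b derivation step, the class name and the sample salts are assumptions:

```php
<?php
// Added illustration, not OpenTrust's own code: sealing a provider key at rest
// with libsodium secretbox under a key derived from wp_salt('auth'). Deriving
// it with BLAKE2b (sodium_crypto_generichash) is an assumption; the FAQ only
// says the key is derived from the salt.
final class SecretStore
{
    private string $key;

    public function __construct(string $authSalt)
    {
        // The salt is not a secretbox key; hash it down to exactly KEYBYTES (32) bytes.
        $this->key = sodium_crypto_generichash($authSalt, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
    }

    /** Returns base64(nonce || ciphertext). A fresh random nonce per call is mandatory. */
    public function seal(string $plaintext): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $this->key));
    }

    /** Returns the plaintext, or null when the blob is corrupt, tampered with, or sealed under another salt. */
    public function open(string $blob): ?string
    {
        $raw = base64_decode($blob, true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            return null;
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        // The Poly1305 MAC does not verify under any other key, which is why a
        // rotated AUTH_KEY invalidates every stored secret at once.
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? null : $plain;
    }
}

// Demonstration with constructed salts standing in for wp_salt('auth') before and after rotation.
$before = new SecretStore('constructed-old-AUTH_KEY-value');
$after  = new SecretStore('constructed-new-AUTH_KEY-value');
$blob   = $before->seal('example-provider-key-not-real');
$same   = $before->open($blob);   // the salt that sealed it can open it
$gone   = $after->open($blob);    // the rotated salt cannot; see open()
```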
Compatibility
Will it clash with my theme?
It can't. The trust center intercepts the request at template_redirect, outputs a complete standalone HTML document with inlined CSS, and exits. Your theme's stylesheet, header, footer, and JavaScript never load. All styles are wrapped in @layer opentrust and prefixed with ot- for belt-and-braces isolation.
Does it work with WPML or Polylang?
Yes. OpenTrust ships a wpml-config.xml declaring the four content CPTs as translatable plus the relevant meta keys. The chat corpus is locale-aware: each active language gets its own cached corpus. Per-policy chat summaries are also per-locale.
Multisite?
Single-site activations work fine. There is no network-mode rollup or shared configuration in v1.x.
What about page caches and CDNs?
The trust center pages are cacheable. The /ask/ page is dynamic per request and should be excluded from page caches (it streams server-sent events). The plugin sets standard cache headers on the /ask/ response so most caches respect that automatically.
Audit
Is there an audit trail for policy changes?
Yes. Tick the "publish new version" box on save; OpenTrust bumps the version number and archives the prior text as a WordPress revision. Each historical version is reachable at a stable URL (/trust-center/policy/{slug}/version/{n}/) so auditors can cite "as of v4" without you digging through revisions. Buyers see "last updated" on the current policy; auditors get the receipts.
Can I export everything to a different environment?
Yes. OpenTrust → Settings → Import & Export produces ZIP archives of either content (all five CPTs with meta and attachments) or settings (the opentrust_settings array plus the logo and AI avatar). Import on the destination with three conflict strategies (skip, overwrite, create_new). Encrypted secrets are deliberately excluded; you re-enter those on the destination.