Streamline Connect is a WordPress plugin that allows you to seamlessly integrate your Voiceflow AI assistants into your WordPress website. The plugin provides a simple interface to manage your assistants and their configurations.
Features
- Connect multiple Voiceflow AI assistants
- Manage assistant configurations
- License management system
- Easy-to-use admin interface
Security Features
StreamlineConnect implements comprehensive security measures to protect your WordPress site:
Nonce Protection:
* All AJAX requests require valid WordPress nonces for verification
* Process page access requires assistant-specific nonces for enhanced security
* Fresh nonce generation system prevents replay attacks
* Different nonce actions for different functionality (payments, licenses, admin operations)
Permission Validation:
* All administrative functions require 『manage_options』 capability
* User authentication required for payment processing
* Database operations are restricted to authorized users only
* Rate limiting on data processing endpoints (10 requests per minute per user)
Input Sanitization:
* All user inputs are sanitized using WordPress standards
* Recursive sanitization for complex data structures
* SQL injection prevention through prepared statements
* XSS protection on all output
Performance Security:
* Security checks only run when necessary to prevent performance degradation
* Early exit strategies for non-plugin pages
* Conditional nonce validation based on operation type
* Transient caching for rate limiting
Data Protection:
* All database queries use WordPress prepared statements
* Sensitive operations require multiple validation layers
* Assistant IDs validated against database before operations
* Domain validation for local development detection
External Services
This plugin connects to external third-party services to provide AI assistant functionality, subscription management, and payment processing. Below is a comprehensive disclosure of all external services used:
1. Streamline Services API (wp-api.streamline.services)
– Purpose: Core subscription management, license validation, billing processing, and AI assistant interaction routing
– What data is sent:
– Domain name and website URL
– User information (first name, last name, email address)
– Billing address information (street address, city, state, postal code, country)
– Payment information (processed securely, not stored by plugin)
– License keys and subscription status
– AI assistant configuration data and interaction logs
– When data is sent:
– During subscription creation and management
– License activation and periodic validation checks
– Every AI assistant interaction and conversation
– Billing status verification (automatic background checks)
– Service Provider: Streamline Services
– Privacy Policy: https://streamline.services/privacy
– Terms of Service: https://streamline.services/terms
Specific API Endpoints:
– https://wp-api.streamline.services/api/subscriptions – Create and manage subscription plans
– https://wp-api.streamline.services/api/subscriptions/by-domain – Check subscription status by domain
– https://wp-api.streamline.services/api/voiceflow/trigger – Process AI assistant interactions
2. Voiceflow API (voiceflow.com)
– Purpose: AI conversation processing and chatbot response generation (accessed through Streamline Services proxy)
– What data is sent:
– User messages and conversation history
– Assistant API keys and configuration
– Session data and conversation context
– When data is sent: Every time a user interacts with an AI assistant
– Service Provider: Voiceflow Inc.
– Privacy Policy: https://www.voiceflow.com/privacy
– Terms of Service: https://www.voiceflow.com/terms
Data Processing Notes:
– All data transmission occurs over secure HTTPS connections
– User interaction data is processed to provide AI responses and improve service quality
– Billing information is handled securely and not permanently stored by the plugin
– License validation occurs automatically to ensure service compliance
– No sensitive WordPress database information is transmitted to external services
