BIG-FLYTX by MAS
BIG-FLYTX by MAS is a WordPress and WooCommerce conversion tracking plugin for GA4, Meta Pixel, Google Tag Manager dataLayer, advertising pixels, leads, purchases, and optional server-side event delivery.
Track first-party visitors, customer journeys, form leads, WooCommerce add-to-cart and purchase events from one dashboard. BIG-FLYTX supports browser tracking, dataLayer-only mode, server-side tracking, event deduplication, consent controls, and customer intelligence.
WordPress Conversion Tracking
Capture normalized page, lead, ecommerce, and conversion events without editing theme files. The plugin stores first-party event data in plugin-owned tables and can route enabled events to dataLayer, browser pixels, or configured server endpoints.
WooCommerce Analytics and Purchase Tracking
Track WooCommerce product views, add-to-cart actions, checkout activity, purchases, order values, customer totals, and revenue while preserving HPOS and Cart/Checkout Blocks compatibility.
Meta Pixel, GA4, and Google Tag Manager
Configure Meta Pixel and Conversions API, Google Analytics 4, Google Ads, Google Tag Manager dataLayer, Microsoft Ads UET, TikTok, LinkedIn, Pinterest, Snapchat, X, Reddit, Quora, Telegram, and custom relays.
Server-side Tracking and Event Deduplication
Use browser, dataLayer-only, server-only, or monitor-only modes. Event IDs and mapping controls help reduce duplicate conversion delivery when other tracking tools are active.
Privacy and Consent Controls
By default, the plugin is installed in paused mode. A site administrator must review the disclosures, explicitly authorize tracking, enable BIG-FLYTX, and enable each desired destination. No visitor event is collected or transmitted merely by installing or activating the plugin.
Data Collection & Privacy
The plugin is paused after activation and does not collect or transmit visitor events until a site administrator enables it.
Tracking starts only after an administrator gives explicit opt-in authorization in BIG-FLYTX settings and enables the plugin. The administrator can choose Site-owner managed mode, where the site owner handles required visitor notices or consent through the site’s own policy/CMP, or Strict visitor gate mode, where BIG-FLYTX also waits for a bftx_consent=granted cookie or the documented bftx_mas_tracking_consent_granted filter. BIG-FLYTX does not display its own consent banner.
When consent has been granted, the plugin can collect visitor IDs, URLs, referrers, UTM parameters, advertising click IDs, browser/user-agent hashes, IP-address hashes, ecommerce event data, product/order data, and safe lead/customer fields such as name, email, and phone when those fields are supplied through forms or commerce transactions.
Raw personally identifiable information storage is disabled by default. Site owners can enable raw name/email/phone storage only when their privacy policy and consent process permit it. Hashes may be stored for matching and deduplication.
The plugin includes explicit administrator opt-in, an optional strict visitor-consent gate, Do Not Track support, raw-PII controls, administrator masking, configurable retention, delivery-log retention, WordPress personal-data export/erase support, and optional uninstall deletion.
External Services
No third-party service is contacted merely by installing or activating the plugin. A service is contacted only when all of the following are true: the administrator explicitly authorizes the disclosed tracking, enables BIG-FLYTX, enables the relevant integration and delivery mode, and configures the required IDs or credentials. If Strict visitor gate mode is selected, visitor consent must also be received before collection or transmission.
Depending on the enabled integration, the plugin may load the provider’s browser script or send a server-side conversion request. Data can include event name, event ID, timestamp, page URL, referrer, UTM values, advertising click IDs, product/order identifiers, items, value, currency, and hashed user identifiers. IP address and user agent can be sent where required by a configured conversions API. API credentials are supplied by the site administrator and are not printed into frontend JavaScript.
Meta / Facebook / Instagram
Used for Meta Pixel and the Meta Conversions API. Browser scripts are loaded from connect.facebook.net; server events are sent to graph.facebook.com only when configured.
Terms: https://www.facebook.com/legal/terms
Privacy: https://www.facebook.com/privacy/policy/
Google Analytics, Google Ads, Google Tag Manager, and YouTube-related measurement
Used for GA4/Google Ads browser measurement, Google Tag Manager, and GA4 Measurement Protocol. Browser scripts are loaded from googletagmanager.com; configured server events are sent to google-analytics.com.
Terms: https://policies.google.com/terms
Privacy: https://policies.google.com/privacy
Microsoft Advertising / Bing UET
Used for Microsoft UET browser measurement and an optional administrator-configured server endpoint. The browser script is loaded from bat.bing.com.
Terms: https://www.microsoft.com/servicesagreement
Privacy: https://privacy.microsoft.com/privacystatement
TikTok
Used for TikTok Pixel and TikTok Events API. Browser scripts are loaded from analytics.tiktok.com; configured server events are sent to business-api.tiktok.com.
Terms: https://www.tiktok.com/legal/terms-of-service
Privacy: https://www.tiktok.com/legal/privacy-policy
Used for LinkedIn Insight Tag and an optional administrator-configured conversions endpoint. The browser script is loaded from snap.licdn.com.
Terms: https://www.linkedin.com/legal/user-agreement
Privacy: https://www.linkedin.com/legal/privacy-policy
Used for Pinterest Tag and Pinterest Conversions API. Browser scripts are loaded from s.pinimg.com; configured server events are sent to api.pinterest.com.
Terms: https://policy.pinterest.com/terms-of-service
Privacy: https://policy.pinterest.com/privacy-policy
Snapchat
Used for Snap Pixel and the Snapchat Conversions API. Browser scripts are loaded from sc-static.net; configured server events are sent to tr.snapchat.com.
Terms: https://www.snap.com/terms
Privacy: https://values.snap.com/privacy/privacy-policy
X / Twitter
Used for the X advertising pixel and an optional administrator-configured server endpoint. The browser script is loaded from static.ads-twitter.com.
Terms: https://x.com/en/tos
Privacy: https://x.com/en/privacy
Used for Reddit Pixel and Reddit Conversions API. Browser scripts are loaded from redditstatic.com; configured server events are sent to ads-api.reddit.com.
Terms: https://redditinc.com/policies/user-agreement
Privacy: https://www.reddit.com/policies/privacy-policy
Quora
Used for Quora Pixel browser measurement. The browser script is loaded from a.quora.com.
Terms: https://www.quora.com/about/tos
Privacy: https://www.quora.com/about/privacy
Telegram and custom endpoints
The plugin can send an event to a URL entered by the administrator for Telegram, Microsoft, LinkedIn, X, licensing, or a general custom relay. BIG-FLYTX does not provide or hardcode a default vendor-operated endpoint for these options. The site owner chooses the endpoint and is responsible for documenting that endpoint’s provider, terms, privacy policy, and transmitted data to site visitors before enabling it.
Authenticated REST webhook requests always require the configured webhook secret (or an authenticated administrator when no secret is configured) and administrator tracking authorization. When Strict visitor gate mode is selected, the request must also include X-BIG-FLYTX-Consent: granted or a consent_granted value of true, yes, 1, or granted.
Source Code and Build Information
All plugin PHP, CSS, and JavaScript is provided in human-readable form. assets/js/frontend.js is not obfuscated and does not require a build process. A matching source counterpart is included at assets/js/src/frontend.js with build notes in assets/js/src/README.txt. The distributed and source files are intentionally identical. No npm, webpack, transpiler, minifier, or proprietary build tool is required.
Third-party provider scripts are not bundled in the plugin; they are loaded from the providers listed above only after explicit administrator authorization and configuration, and after visitor consent when Strict visitor gate mode is selected.
