Abmahn-Shield

Abmahn-Shield prüft deinen WooCommerce-Shop auf die häufigsten Abmahnrisiken im deutschen E-Commerce:

Kostenloser Quick-Scan

• Impressum vorhanden und im Footer verlinkt?
• Datenschutzerklärung vorhanden und verlinkt?
• AGB-Seite konfiguriert?
• Widerrufsbelehrung vorhanden?
• Versandinformationen vorhanden?
• Google Fonts extern geladen? (BGH-Urteil 2022)
• Tracking-Scripte ohne Cookie-Consent?
• Grundpreis-Plugin (PAngV) aktiv?

Deep-Scan (optional, 9,90 EUR einmalig)

• KI-gestützte Analyse des vollständigen HTML-Codes
• Impressum-Inhaltsprüfung (fehlen Pflichtfelder?)
• DSGVO-Konformität der Datenschutzerklärung
• Cookie-Banner-Funktionstest
• BFSG-Barrierefreiheitsprüfung (21+ WCAG 2.1 AA Regeln)
• Streitwert-Einschätzung pro Verstoß
• Priorisierte Fix-Empfehlungen

Rechtliche Grundlage

Basierend auf aktueller Rechtsprechung (BGH, EuGH) und Gesetzeslage:

• DDG §5 (Impressumspflicht)
• DSGVO Art. 13 (Datenschutzerklärung)
• TDDDG §25 (Cookie-Einwilligung)
• §355 BGB (Widerrufsrecht)
• PAngV (Grundpreisangaben)
• BFSG (Barrierefreiheitsstärkungsgesetz, ab Juni 2025)
• BGH-Urteil Google Fonts 2022

Hinweis

Dies ist eine technische Compliance-Einschätzung, keine Rechtsberatung im Sinne des RDG. Für rechtsverbindliche Prüfung bitte einen Fachanwalt hinzuziehen.

External services

This plugin connects to the Abmahn-Shield API to perform Deep-Scans and process payments. The Quick-Scan runs entirely locally within your WordPress installation and does not send any data to external servers.

Abmahn-Shield API (Deep-Scan)

When you initiate a Deep-Scan, the plugin sends your shop’s URL to the Abmahn-Shield API for a comprehensive compliance analysis. No customer data, order data, or product data is ever transmitted.

• What data is sent: Your shop’s URL (home_url), your admin email address (for account registration and scan result delivery), and the scan ID.
• When data is sent: Only when you explicitly click “Deep-Scan starten” or “Jetzt kaufen” in the plugin admin page.
• Service provider: Abmahn-Shield, Dennis Stahlhut, Holsen 7a, 59075 Hamm, Germany.
• API endpoints used:
  • https://abmahn-shield.de/api/wc/register — One-time site registration. Called only on the first Deep-Scan or first Deep-Scan checkout (never during the local Quick-Scan).
  • https://abmahn-shield.de/api/wc/scan — Sends the shop URL for Deep-Scan analysis.
  • https://abmahn-shield.de/api/wc/checkout — Initiates the payment process for the Deep-Scan report.
• Terms of service: https://abmahn-shield.de/agb
• Privacy policy: https://abmahn-shield.de/datenschutz

Stripe (Payment Processing)

When you purchase a Deep-Scan report, the payment is processed by Stripe. The plugin does not handle any payment credentials directly. You are redirected to Stripe’s secure payment page.

• What data is sent: Your email address and the scan ID are passed to Stripe via the Abmahn-Shield API to create a payment session.
• When data is sent: Only when you click “Jetzt kaufen” to purchase a Deep-Scan report.
• Service provider: Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
• Terms of service: https://stripe.com/de/legal/consumer
• Privacy policy: https://stripe.com/de/privacy

Local-only pattern matching (no external connections)

The Quick-Scan analyzes your shop’s HTML output locally within WordPress to identify whether common third-party tracking scripts or font CDNs are loaded by your theme or other plugins. The plugin performs string comparisons against well-known domain names but does not connect to, transmit data to, or otherwise interact with any of these services. The domain names below appear in the plugin source code (includes/class-scanner.php) only as literal string arguments to PHP’s strpos() function.

We document them here together with their terms and privacy policies so that you, as the shop operator, can make an informed compliance decision if the Quick-Scan reports that any of these scripts are present on your store.

• Google Fonts CDN — detected domains: fonts.googleapis.com, fonts.gstatic.com
  • Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Terms: https://policies.google.com/terms
  • Privacy: https://policies.google.com/privacy
• Google Analytics / Google Tag Manager — detected domains: google-analytics.com, googletagmanager.com (and gtag( function call)
  • Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Terms: https://policies.google.com/terms
  • Privacy: https://policies.google.com/privacy
• Meta Pixel (Facebook) — detected domains: connect.facebook.net, facebook.com/tr (and fbevents.js)
  • Service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  • Terms: https://www.facebook.com/legal/terms
  • Privacy: https://www.facebook.com/privacy/policy
• TikTok Pixel — detected domain: tiktok.com/i18n/pixel
  • Service: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
  • Terms: https://www.tiktok.com/legal/page/eea/terms-of-service/en
  • Privacy: https://www.tiktok.com/legal/page/eea/privacy-policy/en
• Hotjar — detected domain: hotjar.com
  • Service: Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta.
  • Terms: https://www.hotjar.com/legal/policies/terms-of-service/
  • Privacy: https://www.hotjar.com/legal/policies/privacy/
• Microsoft Clarity — detected domain: clarity.ms
  • Service: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
  • Terms: https://www.microsoft.com/legal/terms-of-use
  • Privacy: https://privacy.microsoft.com/privacystatement

To repeat: the plugin does not connect to, request from, or send any data to the services listed above. These domain strings exist only to recognize when those services are already embedded by the shop operator’s theme or other plugins, so the Quick-Scan can warn about consent-related compliance risks under TDDDG §25 and GDPR Art. 6.