README

TenBruggencateLegalPages

Dutch / English / German legal page templates with configurable merge fields for company details. Drop in, fill in the admin fields, ship.

License: MIT · Shopware: 6.7.x · PHP: 8.1 / 8.2

🇬🇧 English · 🇳🇱 Nederlands · 🇩🇪 Deutsch

📖 More context: Why we built this · How it compares

⚠️ IMPORTANT — this plugin provides TEMPLATE legal text. Have a legal professional (Dutch / German / EU consumer law) review your configured text before it's exposed to real customers. Templates are a starting point, not a guarantee.

Screenshots

Privacy page with v1.2.0 "Last updated" timestamp

Privacy page — mobile (responsive)

What it does

Every Shopware store needs imprint, privacy, shipping, returns, and a disclaimer. Most shops either (a) copy-paste text from another site (legal risk) or (b) leave them as Lorem Ipsum until launch day (worse legal risk). This plugin ships sensible nl/en/de defaults based on Dutch EU-compliant consumer-law templates, with your company details merged in from the admin at render time.

• Five pages, routable out of the box
• Merge-field pattern — admin fills in company details once; every page picks them up
• Three locales — nl-NL, en-GB, de-DE
• Per-page toggle — disable pages you don't need (e.g. if you already have a custom privacy page elsewhere)
• Per-page "Last updated" timestamp (v1.2+) — five new optional datetime config fields let you record when each page was last reviewed. Renders below the page heading as a localised line (Last updated 9 May 2026 / Laatst bijgewerkt op 9 mei 2026 / Zuletzt aktualisiert am 9. Mai 2026) using Twig's format_date('long'). Wrapped in <time datetime="YYYY-MM-DD"> for machine readers and Schema.org. Empty config hides the line

Install

composer require tenbruggencate/legal-pages
bin/console plugin:refresh
bin/console plugin:install --activate TenBruggencateLegalPages
bin/console cache:clear

Pages

Configuration

Configurable per sales channel from Extensions → Legal Pages.

Merge fields

The following placeholders are replaced with your configured values at render time:

{companyName}, {companyAddress}, {companyEmail}, {companyPhone}, {kvkNumber}, {btwNumber}, {returnDays}, {shippingCost}, {freeShippingThreshold}

To override any page's template, copy src/Resources/views/storefront/page/legal/<slug>.html.twig into your theme and edit. The merge-field resolver runs against whatever HTML/Twig you ship.

Standards

• Performance — static template rendering; no DB queries at request time. Merge-field substitution is a single strtr() call.
• SEO — every legal page ships with appropriate <meta name="robots"> defaults: indexable (search engines should see your terms & privacy), proper <title> and <meta description> derived from the page content, stable URLs.
• GDPR — the privacy page template explicitly documents what you collect, why, and how long you keep it. Adapt the template to match your actual processing; don't leave the defaults unread. The plugin itself stores no visitor data — full data-flow documentation in GDPR.md.
• WCAG 2.2 AA — semantic heading hierarchy (h1 / h2 / h3), proper lists for enumerated terms, keyboard-accessible <a> tags, no colour-only information. Live axe-core audit output + desktop + mobile screenshots: docs/ACCESSIBILITY.md.
• Security — merge-field substitution is done on server-side; no user input reaches the templates. All admin-supplied values are escaped via Twig.
• Uninstall — plugin:uninstall --keep-user-data preserves every TenBruggencateLegalPages.config.* row (company name, VAT, KvK, per-page toggles); without the flag the destructive path clears them all. No owned tables.

Production-readiness checklist

A deliberately short list of things to verify before enabling the plugin on a customer-facing storefront. Not legal cover — the MIT license already disclaims warranty AND the templates ship with a "have a lawyer review before going live" disclaimer in their getting-started copy — but practical guidance an experienced operator would want anyway.

• [ ] Have a legal professional review the rendered text for your jurisdiction. The defaults are based on Dutch / EU consumer-law templates; UK shops post-Brexit, Swiss shops, and shops outside the EEA need adjustments. The plugin's intro banner in admin already says "TEMPLATES, not legal advice" — heed it.
• [ ] Fill every merge field that appears on a page you've enabled. An empty kvkNumber renders the literal string KvK: followed by nothing — visibly broken. The configuration UI flags blanks but doesn't block save.
• [ ] *Set per-page `lastUpdated` dates (v1.2+) the moment you ship the reviewed text** — visible "last reviewed" dates are a soft trust signal for visitors and a hard one for consumer-protection authorities. Date-pickers in the admin take seconds.
• [ ] Decide which pages you actually want. The five toggles (enableVoorwaarden, enablePrivacy, etc.) default to on; turn off any you have a custom version of elsewhere (e.g. an existing privacy CMS page) so the plugin's route returns 404 instead of competing.
• [ ] Test on staging that the routes resolve. The plugin's routes are at /legal/voorwaarden, /legal/privacy, etc. — make sure your theme's footer links point at them (or your custom URLs, if you remap).

Compatibility

Core platform

Database

Browsers (storefront)

Evergreen browsers only — the two most recent stable releases of each:

Internet Explorer and legacy Edge are not supported. The plugin emits no runtime JS (where applicable) so graceful degradation on older browsers usually still renders content, just without progressive enhancements.

Admin browsers

Same evergreen matrix — the Shopware admin is Vue-based and has its own compatibility baseline that this plugin doesn't extend or narrow.

Development

Accessibility

WCAG 2.2 level A + AA — see docs/ACCESSIBILITY.md for axe-core audit output and per-page violations.

What we test before each release

• Full PHPUnit unit suite against PHP 8.1 + 8.2 (source-inspection tests don't need a kernel)
• PHPStan level 8 + PHP-CS-Fixer (@PSR12 + @Symfony)
• Composer validate on every plugin
• Live-DB smoke tests (plugin install → activate → route render → uninstall cycle)
• axe-core audit on the primary storefront surfaces (see ACCESSIBILITY.md)

Related plugins

• TenBruggencateMultiBrand — per-brand configuration: each sales channel carries its own companyName / kvkNumber / etc., so a multi-brand store renders each brand's legal pages with its own entity details
• TenBruggencateMaintenance — legal footer links render in the maintenance footer so visitors can still reach imprint / privacy during downtime
• TenBruggencateNewsletterLite — /legal/privacy is the natural target for the privacyPageUrl config in NewsletterLite

Support

• Email: guy@tenbruggencatedevelopment.nl
• Docs & news: tenbruggencatedevelopment.nl
• Source / issues: Bitbucket repo
• Security vulnerabilities: see SECURITY.md — email first, no public issues, 72-hour acknowledgement SLA

License

MIT © Ten Bruggencate Development

Legal template text in snippets is provided under MIT for reuse, but template text alone does not constitute legal advice. You are responsible for adapting it to your business and jurisdiction.