Add guest management and GDPR privacy compliance (v0.4.0)

- Create Guest CPT with personal info, address, ID/passport tracking
- Add guest-booking integration with AJAX search and linking
- Implement GDPR compliance via WordPress Privacy API (export/erasure)
- Update EmailNotifier to use Guest CPT data with new placeholders
- Add CSS styles for guest search, linked display, and privacy UI

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CHANGELOG.md

@@ -5,6 +5,63 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.4.0] - 2026-01-31
+
+### Added
+
+- Guest Management System with dedicated CPT:
+  - Custom Post Type: Guests (`bnb_guest`)
+  - Personal information fields (name, email, phone, DOB, nationality)
+  - Address fields (street, city, postal code, country)
+  - Identification fields (ID type, number, expiry date)
+  - Guest status tracking (active, inactive, blocked)
+  - Internal notes and preferences
+  - GDPR consent tracking (marketing, data processing, consent date)
+  - Booking history display with statistics
+  - Helper methods: `get_by_email()`, `get_bookings()`, `get_booking_count()`, `get_total_spent()`, `get_full_name()`, `get_formatted_address()`
+- Guest-Booking Integration:
+  - Guest search by email/name with AJAX autocomplete
+  - Link existing guests to bookings
+  - Create new guests from booking form
+  - Guest profile link in booking admin
+  - Automatic guest data sync when linked
+  - Backward compatibility for legacy bookings without guest_id
+- GDPR/Privacy Compliance (`src/Privacy/Manager.php`):
+  - WordPress Privacy API integration
+  - Personal data exporter (guest profile + booking history)
+  - Personal data eraser with anonymization option
+  - Privacy policy content suggestion
+  - Support for WordPress Tools > Export/Erase Personal Data
+  - Guest anonymization (replaces PII with placeholder data)
+  - Booking anonymization for connected bookings
+- Email Notifier Enhancements:
+  - Guest data retrieval from Guest CPT when available
+  - Fallback to booking meta for legacy bookings
+  - New placeholders: `{guest_first_name}`, `{guest_last_name}`, `{guest_full_address}`
+- Admin UI Styles:
+  - Guest search container and results styling
+  - Linked guest display card
+  - Booking history table in Guest
+  - Consent status indicators
+  - Guest status badges
+  - Privacy action buttons
+  - Anonymized data display
+
+### Changed
+
+- Booking meta box updated with guest search/link functionality
+- Plugin.php now initializes Guest CPT and Privacy Manager
+- Admin JavaScript includes guest search with debounce
+- Admin CSS extended with Guest and Privacy styles
+
+### Security
+
+- Guest email used as unique identifier for deduplication
+- GDPR-compliant data export and erasure
+- Consent tracking with timestamps
+- Anonymization preserves booking records while removing PII
+- AJAX endpoints secured with nonce verification
+
 ## [0.3.0] - 2026-01-31
 
 ### Added
@@ -191,6 +248,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Input sanitization and output escaping
 - Server secret masking in license settings
 
+[0.4.0]: https://src.bundespruefstelle.ch/magdev/wp-bnb/releases/tag/v0.4.0
 [0.3.0]: https://src.bundespruefstelle.ch/magdev/wp-bnb/releases/tag/v0.3.0
 [0.2.0]: https://src.bundespruefstelle.ch/magdev/wp-bnb/releases/tag/v0.2.0
 [0.1.0]: https://src.bundespruefstelle.ch/magdev/wp-bnb/releases/tag/v0.1.0