WooCommerce Subscriptions supports the tools that enable store managers to comply with the General Data Protection Regulation (GDPR). This support is built on the functionality included in WooCommerce and WordPress. Below is information on how Subscriptions handles customer data.
Data Subscriptions Uses
Subscriptions accesses and records data similar to the data WooCommerce uses. The data used by Subscriptions includes:
- Subscription ID Number
- Date Created
- Recurring Total
- Subscription Items
- IP Address
- Browser User Agent
- Billing Address
- Shipping Address
- Phone Number
- Email Address
- Payment Gateway tokens
Data retention
Inactive user data retention
With WooCommerce, it is possible to erase customers’ data after a set amount of time. This setting is under WooCommerce > Settings > Accounts & Privacy > Personal data retention. With WooCommerce Subscriptions, customers who have at least one subscription are exempt from this cleanup, so that their data is not removed while they still have a subscription.
Ended subscription data retention
It is possible to anonymize data associated with subscriptions after a set amount of time. This applies to subscriptions that are ended, meaning that they have a status of cancelled, expired, switched, or trash.
To find this setting:
- Go to WooCommerce > Settings > Accounts & Privacy
- Scroll to the section labeled Personal data retention
- The setting is called Retain ended subscriptions
Export or Erase Customer Data
The ability to export or erase customer data is built into tools in WordPress. Subscriptions supports these tools by including subscription data as a part of the data that is exported or erased.
Data export
When data is exported, the user is given a file that contains their data. Subscriptions adds each subscription the user has, and data that is connected to each subscription, to this file. Similarly, when data is erased, Subscriptions erases this data.
Example of the Subscriptions portion of a data export:
Data erasure
Data erasure setting
To remove personal data from subscriptions during a data erasure request, a setting must be enabled. To enable this setting:
- Go to WooCommerce > Settings > Accounts & Privacy
- Go to the section labeled Account erasure requests
- Check the box labeled Remove personal data from subscriptions
When personal data is erased and the data removed from the corresponding subscriptions, the subscriptions will be cancelled.
Bulk erase data from subscriptions
It is also possible to erase personal data on subscriptions in bulk. The corresponding subscriptions will then be cancelled and have the personal data removed. This only removes the data from the subscriptions chosen and not the related orders.
To erase personal data on subscriptions:
- Go to the WooCommerce > Subscriptions administration screen
- Select the subscriptions that you wish to remove personal data from using the checkboxes
- In the Bulk Actions dropdown, select Cancel and remove personal data
- Click Apply
Privacy Policy Guide
In order to ensure store managers have what they need to comply with the GDPR, WordPress includes a privacy policy guide. Subscriptions adds a section to this guide to help store managers understand what information Subscriptions uses and be better able to write their own privacy policies.
To see Subscriptions’ section in the privacy policy guide:
- Go to the WordPress administrator dashboard
- Go to Settings > Privacy and click the link to Check out our guide
- Scroll to the section labeled Source: WooCommerce Subscriptions
OR
- Go to https://example.com/wp-admin/tools.php?wp-privacy-policy-guide#wp-privacy-policy-guide-woocommerce-subscriptions, replacing example.com with your site’s URL.