Privacy Settings

Easy Digital Downloads 2.9.2 introduces a new collection of privacy settings that you can configure by going Downloads -> Settings -> Privacy (tab). These settings are designed to help your store meet the requirements outlined in General Data Protection Regulation (GDPR). For more information on GDPR, please read our blog post.

The Privacy settings screen is separated into sections based on purpose and functionality. Please review the following information to learn more about these settings and how to configure them to meet your needs.

Easy Digital Downloads Privacy settings are based on functionality introduced in WordPress 4.9.6. This WordPress release provides the tools needed to set a designated Privacy Page (Settings -> Privacy), export user data on demand (Tools -> Export Personal Data), and erase user data on demand (Tools -> Erase Personal Data).

The following Easy Digital Downloads settings either complement or integrate with those new WordPress tools.

General Privacy settings

The General settings provide tools needed to make sure your customers are aware of your Privacy Policy and can explicitly agree to your Privacy Policy.

Agree to Privacy Policy

In a similar fashion to the Agree to Terms setting, you can enable a checkbox to display on your checkout form that requires customers to agree to your Privacy Policy.

Agree to Privacy Policy Label

If your Privacy Policy setting is enabled, use this text field to set the label you'd like to display beside the checkbox.

Show the Privacy Policy on checkout

You do not have to display the actual text of your Privacy Policy on the checkout page. Your checkbox and label can simply request consent. However, if you want to display the full text of your Privacy Policy on checkout, enabling this setting will add a toggle link just above your Agree to Privacy Policy checkbox that will expand and collapse when clicked, allowing customers to view the Privacy Policy before completing checkout.

The text displayed here will come directly from the content of the page you have designated as your WordPress Privacy Page ( Settings -> Privacy).

Export & Erase Privacy settings

As mentioned previously, WordPress has introduced the ability to export user data on demand ( Tools -> Export Personal Data) and erase user data on demand (Tools -> Erase Personal Data).

When you run these processes, Easy Digital Downloads will either export or erase any personally identifiable customer information. That means if you are asked to erase a WordPress user from your site, and that user has a customer record in Easy Digital Downloads, the customer information will also be erased, allowing you to be GDPR-compliant. Likewise, historical payment records associated with that customer record may be affected in a way that allows you to maintain important financial history while still removing all personally identifiable customer information.

Each payment record associated with a customer that is being erased from your site will be affected based specifically on the payment record's payment status. For example, the default behavior for a Completed payment record that is associated with a customer that is being erased is to simply remove all personally identifiable customer information from the payment record, but leave the financial information intact. That way your reporting remains accurate.

Payment Status Actions

The settings found on the Export & Erase page allow you to specify exactly what actions you want to perform on payment records based on their payment status. For each payment status, you have the following options:

  • No Action
  • Anonymize
  • Delete

Each payment status has a default action, which is the action we recommend based on the nature of the payment status. But you can select any of the payment status actions you'd like for each payment status. See descriptions below.

No Action

If a payment status is set to No Action, all payment records with that payment status will remain unaffected when the associated customer record is processed during the erasure process. The only change you should notice on the payment record is that the associated customer is now linked to an anonymized customer record.

By default, Pending and Processing payments will have no actions performed on them.

Anonymize

If a payment status is set to Anonymize, all payment records with that payment status will be scanned for personally identifiable customer information and that information will either be erased, or anonymized so that it can no longer be traced back to an individual.

For example, a payment record with a customer's first and last name will have the first and last name completely removed. However, on the same payment record, the email address used to complete the payment will be masked so that it is no longer specific to the individual making the purchase.

By default, Completed, Refunded, and Revoked payments will be anonymized.

Delete

If a payment status is set to Delete, all payment records with that payment status will be completely deleted from your store history when the associated customer is erased.

By default, Failed and Abandoned payments will be deleted.

NOTE: All official Easy Digital Downloads extensions support Export & Erase Privacy settings. Any extension not specifically listed gets personal data from other parts of Easy Digital Downloads covered in the Export & Erase settings.

Privacy Page

The Privacy Page settings are core WordPress functionality (introduced in WordPress 4.9.6), located at (Settings -> Privacy). This settings page will allow you to designate a single page on your site as your Privacy Page.

Once you have created this page and set it as your WordPress Privacy Page, you will notice a message on the page edit screen that links you to a guide providing of tips and suggested text for your Privacy Page.

When you visit the suggested guide, you may see several sections on the page with suggested text that pertains to the privacy concerns of various plugins, themes, or other tools that you have installed on your website.

Find the section titled Source: Easy Digital Downloads. There, you can copy our suggested text and place it in your Privacy Page content.

The provided text is our best suggestion for covering a portion of the information you need to disclose when your customers read your Privacy Policy. However, it remains your responsibility to make sure custom functionality, unique data handling/processing, and any other details related to personally identifiable information are accounted for in your Privacy Policy.

Please be sure to hire legal counsel to ensure your Privacy Policy covers the needs of your business.

Developers

For details about how to integrate your extensions and custom functionality with the new tools, please read our development blog post.