GDPR — data export & erasure
WooFraudGuard hooks into WordPress’s native Personal Data Export and Erase Personal Data tools (Tools → Export Personal Data / Erase Personal Data).
What’s exported
When a customer requests their data export, the plugin returns four data groups:
- Risk scores — Order ID, total score, decision, recorded-at timestamp.
- Behavioural signals — Order ID, the JSON payload captured by the collector (paste/type counts, timing, autofill flags), recorded-at.
- Chargebacks — Order ID, gateway, reason, amount, received-at.
- Linked orders — Pivot order ID, linked order ID, edge type (the shared atom).
- Blocklist entries — Type, value, source, created-at, expires-at (only entries whose value matches the customer’s atoms).
What’s erased
When a customer requests erasure, the plugin deletes their behavioural payloads but retains the risk score row and any blocklist entries. This is permitted under GDPR Article 17(3)(b) — “for compliance with a legal obligation” — because retaining minimum fraud signals is necessary for chargeback dispute defence.
The exporter adds a note to the response confirming which rows were retained and why: “Some WooFraudGuard rows for order #1234 were retained for fraud-prevention purposes.”
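The partial-erasure behaviour described above, sketched as a WordPress personal-data eraser callback. This is an added example, not WooFraudGuard's own code; the table names, function name, eraser key and batch size are assumptions, and only the risk score table is checked for retained rows.

```php
<?php
// Added example: all wfg_example_* names and tables are hypothetical.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['wfg-example'] = array(
        'eraser_friendly_name' => 'Fraud signals (example)',
        'callback'             => 'wfg_example_eraser',
    );
    return $erasers;
} );

function wfg_example_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $batch     = 10; // orders handled per call; WordPress re-calls until 'done'
    $behaviour = $wpdb->prefix . 'wfg_example_behaviour'; // hypothetical table
    $scores    = $wpdb->prefix . 'wfg_example_scores';    // hypothetical table

    // Orders are not deleted here, so paging over them stays stable.
    $order_ids = wc_get_orders( array(
        'billing_email' => $email_address,
        'limit'         => $batch,
        'page'          => (int) $page,
        'return'        => 'ids',
    ) );

    $removed  = false;
    $retained = false;
    $messages = array();

    foreach ( $order_ids as $order_id ) {
        // Behavioural payloads are deleted outright.
        $deleted = $wpdb->query( $wpdb->prepare( "DELETE FROM {$behaviour} WHERE order_id = %d", $order_id ) );
        if ( $deleted ) {
            $removed = true;
        }
        // Risk score rows are kept; tell the requester which orders are affected.
        $kept = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$scores} WHERE order_id = %d", $order_id ) );
        if ( $kept > 0 ) {
            $retained   = true;
            $messages[] = sprintf( 'Some WooFraudGuard rows for order #%d were retained for fraud-prevention purposes.', $order_id );
        }
    }

    return array(
        'items_removed'  => $removed,
        'items_retained' => $retained,
        'messages'       => $messages,
        'done'           => count( $order_ids ) < $batch,
    );
}
```

WordPress shows the `messages` entries to the administrator processing the request and records `items_retained` against it, which gives an audit trail for what was kept.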
Data retention
Beyond per-customer requests, the daily cron purges everything older than the configured retention window (default 365 days) under Settings → Privacy → Data retention.