A customer emails: “please delete all my personal data.” Under GDPR, CCPA, or similar, you have a deadline and an obligation. Without the right tools, that means hunting through WooCommerce orders, your customer-intelligence tables, review records, email logs, half-remembered integrations… and missing things.
Tracksies hooks into WordPress’s built-in privacy machinery so one request covers everything Tracksies touches. The customer profile, the aliases, the interaction history, the linked-account relationships, the audit-log traces all scrub when you approve the erasure. The full data record comes out of the export. You don’t maintain a separate checklist.
How exports work
From Tools > Export Personal Data in wp-admin, enter the customer’s email and fire the request. WooCommerce exports its own data (orders, addresses). Tracksies joins in with:
- The customer profile (name, email, phone, company, status, lifetime value, order count, first order date, created date).
- Status reason and internal notes: the free-text fields your team has added about the customer.
- Linked account metadata: if the customer linked their own account to another, the forward link shows on the export. Reverse links (other accounts pointing to this one) are summarised as a count, so another person’s identity isn’t included in this subject’s export.
- Aliases: every alternate email, phone, address, or name recorded against the customer.
- Interactions: notes, calls, emails, complaints, and preferences your team has logged.
- Email history from Tracksies’ email log.
The export is WordPress-standard: HTML or JSON depending on the admin’s choice, emailed to the requester (or available for admin download) in the usual WP way.
How erasure works
From Tools > Erase Personal Data, the same flow approves the erasure. Tracksies then:
- Deletes the customer record, their aliases, their interactions, their transactions, their email log and email preferences, their order-meta row.
- Anonymises the audit log: rows where this customer was the subject get their old/new value JSON nulled (so reason text and status changes stay for audit shape, but the subject’s personal information is stripped); rows where this customer was the actor get their IP address and user agent nulled.
- Unlinks other customers whose
linked_to_customer_idpointed at this one. The other customers’ records stay, but the dangling reference is cleared. - Nulls the customer’s email on any Tracksies returns records (the return itself stays for business records; the tie-back to the person is removed).
What stays: WooCommerce orders (WC’s own privacy flow handles those separately, usually kept for tax compliance and anonymised at the order level), order counts rolled into aggregate analytics, and audit-log action shapes without their personal information contents.
Unsubscribe from Tracksies-sent emails
Every customer-visible Tracksies email (review requests from Trustie, customer-directed HQ emails) includes an unsubscribe link. The link lands on a confirmation page that records the preference in a customer-level opt-out table. Tracksies checks that table before sending any further customer-visible email.
The customer can also manage the preference from My Account if you’ve exposed that surface.
A note: WooCommerce transactional emails (order confirmation, shipping notification, return receipts) are legally required in most jurisdictions and don’t subscribe / unsubscribe. Tracksies’ unsubscribe covers solicitation-adjacent mail, not legally-mandatory transactional mail.
Audit trail when it matters
If audit logging is turned on (it’s off by default; see the Audit log feature), every admin action against a customer record is captured: status changes, flag changes, alias add/remove, link/unlink, erasures, exports. You can demonstrate who did what, when, in response to regulator or subject queries.
Privacy-aware feature design
Beyond the compliance tools, a few design choices across Tracksies are privacy-minded by default:
- The packing card shows your packer aggregate counts and status colour, not linked-account identity or reason text. Lower-trust staff don’t see customer personal information beyond what they need to pack an order.
- The customer-profile page is gated to staff with
manage_woocommerce. Roles below that can’t navigate to it directly. - The audit log is opt-in, so it doesn’t quietly accumulate personal information before you need it to.
- The debug log rotates automatically (default 7 days, 5 MB) and redacts sensitive fields like status reason text, so operational troubleshooting doesn’t leave personal information in log files indefinitely.
A note on what this is and isn’t
The toolset here is robust: data-subject access requests, erasure, unsubscribe, audit trail, all wired into WordPress’s standard privacy flows so the workflow your team learns once applies everywhere. Most data-protection regimes (GDPR, CCPA, Australia’s Privacy Act, UK GDPR) ask for the same broad shapes of capability, and these tools are built to support them.
What we can’t tell you is whether your specific configuration, retention settings, and policy approach satisfy your specific regulator. Privacy law varies by jurisdiction and changes regularly. We’ve built the levers (export, erase, unsubscribe, audit, retention controls); making sure they’re pulled correctly for the rules you trade under is a conversation for a lawyer who works in privacy in your country.
If you’re weighing this up against Complianz, CookieYes, or Iubenda
Complianz, CookieYes, and Iubenda handle cookie-consent banners and privacy-policy generation. They add a consent banner to your frontend, build you a policy page, and give you the cookie-compliance tooling for GDPR / CCPA / ePrivacy.
Tracksies’ privacy features handle the data-subject-rights side: export, erase, unsubscribe, for the customer data Tracksies itself holds. The two don’t overlap. Complianz handles “ask for consent” at the front door; Tracksies handles “respond to a data request” once a customer is in the system. Most privacy-conscious shops run both.
Why shops run it this way
Privacy request handling is one of those things you don’t think about until you get your first one. When it arrives, you want the tools already wired up so you can respond inside the mandated window without hand-ragging around your database. Tracksies plugging into WordPress’s built-in privacy tools means the workflow is the same as every other WP admin’s privacy flow. No new UI to learn; no surprises in the moment that matters.