User data retention on user delete #818

Open
Stiofan opened this issue Dec 17, 2024 · 0 comments

Stiofan commented Dec 17, 2024

GetPaid Plugin - Data Retention Implementation

Overview

Implement a user data retention and anonymization system for the GetPaid plugin, complying with UK data retention laws while preserving required invoice data.

Requirements

1. Pre-Deletion Hook

  • Hook into userwp_before_delete_user with priority 8
  • Hook into WordPress's wp_privacy_personal_data_erasure_request
  • Check for paid invoices using GetPaid's API
  • For users who have active subscriptions, I think we should block user deletion and show a notice like "all active subscriptions should be cancelled first"
  • For users with paid invoices, anonymize all data except:
    • Full name (billing/shipping)
    • Billing/shipping addresses
    • VAT number (if exists)
    • Company details (if B2B)
    • Order/Invoice numbers
    • Transaction dates
    • Payment amounts
    • VAT/Tax information

2. Database Changes

Add to customers table:

3. Anonymization Process

When triggered:

  • Set deletion_date to current_date + 10 years
  • Update customer record with anonymized data:
    • Replace email with hashed version
    • Clear phone numbers
    • Clear non-essential custom fields
    • Mark record as anonymized
  • Maintain link between anonymized customer record and their invoices

4. Cleanup Cron Job

  • Register daily WP cron job
  • Query: SELECT * FROM customers WHERE deletion_date < CURRENT_DATE
  • For each expired record:
    • Verify 10-year retention period
    • Remove customer record
    • Maintain invoice records with anonymized data

5. Integration Points

  • Hook into UsersWP deletion process (priority 8)
  • Hook into WP Privacy/GDPR tools
  • Update GetPaid's existing GDPR export functionality

Testing Requirements

  1. User self-deletion via UsersWP
  2. Admin user deletion
  3. GDPR erasure request
  4. Cron job execution
  5. Retention of required invoice data
  6. Proper anonymization of non-required fields

Notes

  • Ensure logging of anonymization actions
  • Add new privacy policy notes about 10-year retention
  • Update admin UI to show anonymization status
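
Sections 3 and 4 of the issue as plain PHP functions over a customer row, added here as an example and not GetPaid's code. Every field name except deletion_date, the sample record and the key are assumptions, and the email is replaced with a keyed hash (HMAC-SHA256) rather than a bare hash so the stored value cannot be matched by hashing a list of known addresses.

```php
<?php
declare(strict_types=1);

// Fields the issue says must survive anonymization (column names are assumed).
const RETAINED_FIELDS = ['id', 'first_name', 'last_name', 'address', 'company', 'vat_number'];
const RETENTION_YEARS = 10;

/**
 * Return the anonymized copy of a customer row.
 * $key is a site secret: it keeps the email pseudonym stable across runs
 * while making it useless to anyone who does not hold the key.
 */
function anonymize_customer(array $row, string $key, DateTimeImmutable $today): array
{
    if (!empty($row['is_anonymized'])) {
        return $row; // idempotent: a repeat request must not extend the retention window
    }
    // Keep only the retained fields; everything else (custom fields) is dropped.
    $out = array_intersect_key($row, array_flip(RETAINED_FIELDS));
    $email = strtolower(trim((string) ($row['email'] ?? '')));
    $out['email'] = hash_hmac('sha256', $email, $key) . '@anonymized.invalid';
    $out['phone'] = '';
    $out['is_anonymized'] = 1;
    $out['deletion_date'] = $today->modify('+' . RETENTION_YEARS . ' years')->format('Y-m-d');
    return $out;
}

/** Rows the daily cleanup may remove: anonymized and past their deletion_date. */
function expired_customers(array $rows, DateTimeImmutable $today): array
{
    $cutoff = $today->format('Y-m-d');
    return array_values(array_filter($rows, static function (array $r) use ($cutoff): bool {
        return !empty($r['is_anonymized'])
            && !empty($r['deletion_date'])
            && $r['deletion_date'] < $cutoff; // ISO dates compare correctly as strings
    }));
}

// Constructed sample record, not real data.
$row = ['id' => 7, 'first_name' => 'Ada', 'last_name' => 'Example', 'address' => '1 Test St',
        'company' => '', 'vat_number' => 'GB000000000', 'email' => 'Ada@Example.test',
        'phone' => '+44 0000 000000', 'notes' => 'prefers phone contact'];
$anon = anonymize_customer($row, 'constructed-demo-key', new DateTimeImmutable('2024-12-17'));
print_r($anon);
var_dump(count(expired_customers([$anon], new DateTimeImmutable('2034-12-18'))));
```

In the plugin these functions would sit behind the deletion hook and the daily cron callback, with the key taken from site configuration rather than a literal.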