GDPR Support in Loyalty Program for WooCommerce

Loyalty Program for WooCommerce is built with privacy in mind. This guide covers the personal data the plugin collects, how customer consent works, and what happens to loyalty data when a user account is deleted — so you can run your program in line with GDPR requirements.

What Personal Data Does the Plugin Store?

The plugin stores the following customer data to power the loyalty program features:

Database Tables

  • Points balance — each enrolled customer’s current points total and the date it was last updated.
  • Points activity log — a full history of every points transaction: earned, spent, expired, or manually adjusted. Each entry includes the source (order, referral, registration, social action, etc.) and a description.
  • Rank history — a log of rank changes, including the previous rank, new rank, and points total at the time of the change.
  • Claimed rank rewards — records of rewards a customer has claimed upon reaching a rank tier.

User Meta (wp_usermeta)

  • Enrollment status — whether the customer has opted in to the loyalty program.
  • Birthday — stored only if the customer provides it and birthday points are enabled.
  • Last activity date — used to calculate points expiry.
  • Rank data — current rank ID, total points toward rank thresholds, and rank lock status.
  • Referral code — a unique code generated for each enrolled customer.

Enrollment & Explicit Opt-In

By default, customers can be enrolled automatically when they create an account or place an order. For GDPR compliance, enable the Require Enrollment option under Loyalty Program → Settings → General. When active, no loyalty data is collected and no points are awarded until a customer visits their account page and explicitly clicks Join the Loyalty Program.

Privacy Policy Consent Checkbox

The plugin can display a privacy policy consent checkbox on the enrollment form. To enable it:

  1. Go to Loyalty Program → Settings → General.
  2. Find the Privacy Policy URL field.
  3. Enter the full URL of your privacy policy page (e.g. https://yoursite.com/privacy-policy/).
  4. Save settings.

Once set, the enrollment screen will show a required checkbox with the text: “I agree to the privacy policy and consent to my data being processed for the loyalty program.” The checkbox links to your privacy policy URL (opens in a new tab). Customers must check the box before they can join — the form will not submit without it.

Automatic Data Deletion on Account Removal

When a WordPress user account is deleted, the plugin automatically removes all associated loyalty data. No additional configuration is needed — this happens via the WordPress delete_user action. The following data is deleted:

  • Points balance record
  • Full points activity log
  • Birthday meta
  • Last activity date and points expiry meta
Filter Action List – Advanced Customization and Integration How to get a user’s points using php?
Browse our plugins

Lightweight WooCommerce plugins built for speed. No bloat, no frameworks -- just clean code that works.

View all plugins
Stay in the loop

Get notified when we launch new plugins. No spam, just product updates.