Data and Privacy
3 min read
The Data and Privacy settings tab controls how TrustLens handles personal data, retention, GDPR compliance, and data deletion. TrustLens is designed to be GDPR-friendly by default, but this tab is where you customize retention policies, configure WordPress privacy tool integration, and manage data-cleanup options.
Location: TrustLens → Settings → Data.
Privacy Architecture #
Before getting into settings, the high-level privacy story:
- All processing local. No customer data is sent to Webstepper or any external service unless you configure webhooks or external integrations.
- Customer identifiers pseudonymized. Email addresses are converted to keyed HMAC-SHA256 hashes for internal use. The keyed-hash secret is plugin-instance-specific.
- Address and IP fingerprints hashed. Linked-accounts and shipping-anomaly modules use the same approach — raw values are never stored.
- GDPR integration. Standard WordPress privacy export and erasure tools include TrustLens data.
HMAC Key Management #
Current HMAC Secret #
Read-only display showing a partial hash of the current secret (so you can confirm it’s set without exposing the secret).
Regenerate HMAC Secret #
Action button
Generates a new HMAC secret. Warning: This invalidates all existing hashes — every customer hash, every linked-account fingerprint, every velocity event will have a different hash going forward. Existing records become orphaned.
Use only when:
- You suspect the existing secret has been compromised
- You’re migrating between environments and need to reset state
Not for routine rotation — the cost (loss of linked-account history, fragmented customer records) outweighs the benefit on most stores.
Data Retention #
Event Log Retention #
Default: 365 days
How long to keep entries in {prefix}trustlens_events. Lower means smaller database; higher means longer audit history.
Signal Log Retention #
Default: Indefinite (rewritten on each recalculation)
Per-customer signal records are rewritten each recalculation. Historical signal state is not preserved — the most recent calculation is the only state.
Card-Testing Velocity Retention #
Default: 90 days
How long to keep velocity events. Configurable up to 365 days. Lower means smaller database; higher means longer forensic window for Pro Attack History.
Automation Log Retention #
Default: 90 days
How long to keep automation rule firing logs.
Auto-Erase Inactive Customers #
Default: Off
If on, customers inactive for the configured period have their TrustLens data automatically erased. Useful for compliance-driven retention policies. The WooCommerce customer record itself is not erased — only the TrustLens shadow record.
Inactive Period (days) #
Default: 730 (2 years)
Used by Auto-Erase Inactive Customers.
GDPR Privacy Tools Integration #
Include TrustLens Data in Privacy Export #
Default: On
When a customer submits a data export request via WordPress’s standard tool, TrustLens contributes the customer’s record, signals, fingerprints, category stats, automation logs, and admin notes.
Include TrustLens Data in Privacy Erasure #
Default: On
When an erasure request is processed, TrustLens deletes the customer’s record and all associated data.
Both settings should generally remain on for GDPR compliance.
Data Export #
Export All Customer Data (CSV) #
Action button
Download the entire customer table as CSV. Useful for migrations, backups, or external analysis. Large stores: the export runs as a background job and emails you a download link when ready.
Export Disputes #
Action button
CSV of all dispute records.
Export Event Log #
Action button
CSV of the event log, optionally filtered to a date range. Large logs may take a few minutes to generate.
Data Deletion #
Delete All TrustLens Data #
Danger zone
Removes every TrustLens table record:
- Customer trust profiles
- Signals
- Events
- Disputes
- Fingerprints
- Linked-account records
- Category stats
- Automation rules and logs
- Velocity events
- Allowlist entries
WooCommerce orders and customers are untouched. Settings are preserved.
Requires typing “DELETE” to confirm. Action is logged in the WordPress audit log.
Delete All Settings and Data #
Full reset
Deletes everything from above plus all settings. Effectively factory-resets the plugin without uninstalling. Use before uninstalling if you want a clean wipe.
Uninstall Behavior #
Delete All Data on Uninstall #
Default: Off
If on, deleting the plugin from WordPress’s Plugins page also wipes all TrustLens data. If off (default), data persists across reinstalls — useful when troubleshooting.
Turn on before final removal if you want a clean uninstall.
Data Mapping for GDPR #
The privacy export bundle structure (when a customer’s data is exported):
| Section | Contents |
|---|---|
| Customer Profile | Trust score, segment, status flags, stat columns |
| Signals | Current signal breakdown |
| Events | Filtered to this customer’s events |
| Disputes | Filtered to this customer’s disputes |
| Fingerprints | Hashes associated with this customer |
| Linked Accounts | List of accounts this customer is linked to (hashes only, not other customers’ emails) |
| Admin Notes | All admin notes on this customer |
The export uses WordPress’s standard format (HTML or JSON) and is delivered via WordPress’s email mechanism.
Compliance Caveats #
TrustLens is designed for GDPR compatibility but compliance is your responsibility:
- Document TrustLens’s data processing in your privacy policy
- Update terms of service to reflect behavioral scoring
- Honor erasure requests within statutory windows
- If you operate in jurisdictions with stricter requirements (CCPA, others), evaluate accordingly
For specific compliance questions, consult counsel — this documentation is informational, not legal advice.
