Privacy and GDPR FAQ

TrustLens is designed for GDPR compatibility. This FAQ covers the most common privacy questions: what data is processed, where it goes, how customer rights are honored, and what your responsibilities are as the data controller.

---

What customer data does TrustLens process? #

TrustLens processes data your WooCommerce store already collects:

• Email addresses (hashed for storage)
• Order history, refunds, disputes
• Coupon usage
• Shipping and billing addresses (hashed for linked-accounts detection)
• Phone numbers (hashed)
• IP addresses (hashed)
• Payment method fingerprints (last-4 + brand, hashed)
• Device fingerprints (browser/OS characteristics, hashed)

It derives:

• Trust scores per customer
• Behavioral signal records
• Linked-account records
• Card-testing velocity events

---

Where does the data go? #

Nowhere outside your WordPress install by default. TrustLens does not call external services. The plugin developer (Webstepper) does not receive customer data.

External delivery happens only if you explicitly configure:

• Webhook actions (automation rules sending to your endpoints)
• Email notifications (sending to email addresses you configure)
• Slack alerts (sending to Slack webhooks you configure)

---

How is data pseudonymized? #

Customer identifiers — email, address, phone, IP, payment method, device — are hashed using keyed HMAC-SHA256. The key is generated on plugin activation and stored as a plugin-instance-specific secret.

Why keyed: a plain SHA-256 hash of an email is reversible via rainbow tables (the email space is small enough). A keyed HMAC hash isn’t — without the key, you can’t compute the hash or reverse-engineer it.

Effect: even if a TrustLens database table is leaked, the customer identifiers in it cannot be reversed back to raw emails or addresses without also having the secret key.

---

Are raw email addresses ever stored? #

Yes — the customer_email column on the customers table stores the email in plaintext alongside the hash. This is necessary so the admin can see who they’re acting on. The email column is cleared on GDPR erasure requests, leaving only the hash for internal references.

---

Does TrustLens integrate with WordPress’s privacy tools? #

Yes. TrustLens registers with WordPress’s standard privacy export and erasure tools.

Export #

When a customer requests their data via Tools → Export Personal Data, the export includes:

• Customer trust profile (score, segment, stat columns)
• Current signal breakdown
• Event timeline filtered to that customer
• Disputes filed for them
• Fingerprint hashes associated with their record
• Linked-account records (hashes only, not other customers’ raw data)
• Admin notes on their record

Erasure #

When erasure is requested, TrustLens deletes the customer’s record and all associated data:

• The row in trustlens_customers
• All their signals
• All their events
• All their disputes
• All their fingerprint hashes
• All their linked-account records
• All admin notes on them

The export and erasure features can be toggled in Settings → Data, but they default to on for GDPR compliance.

---

Can I anonymize a customer without erasing them? #

Set the customer’s customer_email to NULL in the database (or use the API). The hash remains for internal references but the plaintext email is gone. This is a “pseudonymize” operation — the customer’s trust profile and history persist, but the personally-identifying email isn’t accessible.

Full erasure removes the profile entirely.

---

How long is data retained? #

Default retention:

• Customer trust profiles: indefinite (until erased)
• Event log: 365 days, then purged
• Card-testing velocity events: 90 days
• Automation log: 90 days

Configurable in Settings → Data. Auto-erase-inactive-customers can be enabled to purge customers who haven’t ordered in N days.

---

What is the legal basis for processing under GDPR? #

Most TrustLens processing relies on legitimate interest — protecting your store from fraud and abuse is a recognized legitimate interest under GDPR. Customers can object to processing via the standard rights mechanisms.

For specific compliance questions, consult counsel. TrustLens documentation is informational, not legal advice.

---

Do I need to update my privacy policy? #

Yes. Your privacy policy should disclose:

• That you analyze customer behavior for fraud prevention
• What behaviors are analyzed (orders, refunds, etc.)
• That trust scores are computed and used for moderation decisions
• That data is processed locally (not shared with third parties unless you configure otherwise)
• How customers can exercise their rights

WordPress’s privacy policy template includes a section for “Plugin data.” TrustLens’s data processing should be added there.

---

Can customers see their own trust score? #

By default, no. Trust scores are admin-only. They’re shown on the customer profile in admin but not exposed to the customer’s My Account or any customer-facing surface.

If a customer makes a data access request, the score appears in their export. That’s GDPR-required disclosure, not customer-facing display.

---

How does TrustLens handle minors / children? #

TrustLens has no special handling for minors — it processes customer data the same regardless. If your store operates in a jurisdiction with specific protections for minors (e.g. COPPA in the US), your existing WooCommerce minor-handling applies; TrustLens inherits that posture.

---

What about CCPA / California-specific requirements? #

CCPA’s “right to know” and “right to delete” map cleanly onto WordPress’s export and erasure mechanisms — TrustLens responds to both. The “right to opt out of sale” doesn’t apply because TrustLens doesn’t sell data.

For CCPA-specific disclosures, ensure your privacy policy includes TrustLens’s processing.

---

What about other jurisdictions (LGPD, PIPEDA, etc.)? #

Most modern privacy laws share core concepts with GDPR — rights to access, deletion, and information. TrustLens’s GDPR-aligned design generally satisfies these laws’ technical requirements. Disclosure and consent requirements vary; consult local counsel.

---

Can I export TrustLens data for backup or migration? #

Yes. Settings → Data has CSV export options for customers, disputes, and events. The data is yours; export at any time.

---

If I uninstall TrustLens, is data deleted? #

By default, no — to allow reactivation without data loss. To wipe on uninstall, enable “Delete all data on uninstall” in Settings → Data before uninstalling.

---

How does TrustLens handle the HMAC secret if compromised? #

If you suspect the HMAC secret is compromised:

1. Settings → Data → Regenerate HMAC Secret
2. All existing hashes become invalid (they were keyed with the old secret)
3. New events get the new hash

This loses linked-account history (existing fingerprints don’t match new ones). Use only if necessary.

---

Does TrustLens process card data? #

No PAN (full card numbers). TrustLens stores the last-4 + brand as a fingerprint (hashed), not the full card number. Full card data never reaches TrustLens — it’s handled by your payment gateway exclusively.

PCI-DSS scope: TrustLens does not process or store PAN, so it’s outside PCI scope on its own. (Your overall PCI posture depends on your payment gateway integration.)