Admin Notes
Admin notes are free-form text annotations you can attach to any customer record. They’re the place to record context that doesn’t fit into structured fields — communications with the customer, the reasoning behind a block, manual investigation findings, links to external ticket systems. This page covers how to use admin notes, what they’re best for, and how they integrate with the rest of TrustLens.
Adding a Note
- Open the customer’s detail page
- Scroll to the Admin Notes panel
- Type your note in the textarea
- Optionally tag the note with a category (Block / Allowlist / Investigation / Communication / Other)
- Click Add Note
Notes are saved immediately. They appear in the Admin Notes panel and as admin_note_added events in the customer’s event timeline.
Note Metadata
Each note carries:
- Timestamp (server time)
- Author (WordPress user who added it)
- Optional category tag
- The note text
Notes are immutable once saved. You can’t edit a note’s text. You can delete a note, but the deletion itself is logged in the event timeline so accountability is preserved.
What to Put in Notes
| Note Type | Example |
|---|---|
| Block justification | “Confirmed friendly fraud — customer received tracking confirmation and email receipt, then disputed for non-receipt. Refund denied on order #12345. Submitting evidence to Stripe.” |
| Allowlist justification | “Confirmed VIP via phone call 2024-03-15. CFO of {customer company}; orders for office supplies. Suppress risk signals.” |
| Investigation notes | “Linked to fraud ring with customers X and Y; further investigation pending. Awaiting processor confirmation on dispute outcome.” |
| Communication history | “Customer emailed 2024-03-20 asking about delayed shipment. Tracking confirmed delivered. Response sent.” |
| External ticket link | “Zendesk ticket #5042; awaiting customer response. Help desk lead: @sarah.” |
| Manual override reasoning | “Trust score is 18 but signals appear to be a false positive — return spike was due to defective batch in March. Allowlisting until product issue resolves.” |
What Not to Put in Notes
- Sensitive personal data beyond what’s needed for the moderation decision — notes are admin-visible but not encrypted at rest
- Customer-facing language — notes are internal; customers cannot see them, but a screenshot could leak
- Speculation that could become a legal liability — “I think this customer is a known scammer” is more dangerous than “Customer’s behavior matches the pattern described in policy X”
- Notes that should be elsewhere — order-specific notes belong on the WooCommerce order; product issues belong in the product’s notes
Notes and the Event Timeline
Every added note creates an admin_note_added event in the customer’s event timeline. The timeline shows:
- Note timestamp
- Author
- Category (if tagged)
- First line of the note text (truncated)
Clicking the timeline entry opens the full note. This gives notes the same visibility as automatic events like orders and refunds — useful for tracing the full decision history on a customer.
Permission Model
Adding and viewing notes requires the manage_woocommerce capability — same as the rest of TrustLens. There’s no per-user note privacy; any admin who can see the customer can see all notes on the customer.
For sensitive cases (e.g. notes that include internal legal opinions, employee disciplinary context), keep those out of TrustLens — the note system isn’t designed for differential access control.
Searching Notes
The Customers list doesn’t expose a full-text search over notes by default. If you need to find a specific note (e.g. “find all customers with notes mentioning ‘Zendesk ticket’”), use a SQL query against {prefix}trustlens_admin_notes or a custom report.
For most workflows, notes are read in the context of a specific customer being investigated, so search isn’t critical.
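One way to run that search from a custom report, as an added example that is not TrustLens code. The function name and the column names (customer_id, note_text, created_at) are assumptions, since this page names only the table; check the real schema with DESCRIBE first.

```php
<?php
/**
 * Added example, not part of TrustLens: search admin notes for a phrase.
 * ASSUMPTION: customer_id, note_text and created_at are hypothetical column
 * names. Confirm them with DESCRIBE {prefix}trustlens_admin_notes.
 */
function example_trustlens_search_notes( string $phrase, int $limit = 50 ): array {
    global $wpdb;

    // Enforce the same capability that gates viewing notes in the admin UI,
    // so the report does not become a side door around the permission model.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return array();
    }

    $phrase = trim( $phrase );
    if ( '' === $phrase ) {
        return array();
    }

    // Table name as given on this page: {prefix}trustlens_admin_notes.
    $table = $wpdb->prefix . 'trustlens_admin_notes';

    // esc_like() makes % and _ in the phrase match literally;
    // prepare() binds the value so user input cannot change the query.
    $like = '%' . $wpdb->esc_like( $phrase ) . '%';

    $sql = $wpdb->prepare(
        "SELECT customer_id, created_at, LEFT(note_text, 120) AS excerpt
           FROM {$table}
          WHERE note_text LIKE %s
          ORDER BY created_at DESC
          LIMIT %d",
        $like,
        max( 1, min( $limit, 500 ) ) // Clamp so a report cannot dump the table.
    );

    // get_results() returns null on failure; normalise to an empty array.
    return $wpdb->get_results( $sql, ARRAY_A ) ?: array();
}
```

The query returns a 120-character excerpt rather than the full note, which keeps a report from copying whole notes out of the table they are stored in.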
Notes and GDPR
Admin notes are part of the customer’s processed personal data and are subject to GDPR rules:
- Data export requests include all admin notes on the customer
- Data erasure requests wipe all notes on the customer
If your team uses notes to record information you don’t want exported to a customer on request (e.g. internal investigative notes), be aware that a GDPR export will surface them. Either avoid putting that information in notes, or accept the export risk.
Notes in Dispute Evidence Reports (Pro)
By default, admin notes are not included in Pro’s Dispute Evidence Reports. The reports include factual data (signals, events, stats) but not internal commentary. This is intentional — notes can contain language inappropriate for a processor-facing document.
If you want a specific note included in a report, summarize the relevant fact in the dispute notes field of the dispute record itself, which is included in Evidence Reports.
Deletion
To delete a note:
- Open the customer detail page
- In the Admin Notes panel, hover the note
- Click the trash icon
- Confirm deletion
The text content of the deleted note is purged, and an admin_note_deleted event is added to the event timeline showing who deleted the note and when.
This deletion model balances accountability (you can see that a note existed and was deleted) with the need to actually remove content that shouldn’t have been recorded.
Best Practices
- Categorize notes — even informally — so the timeline filters become useful
- Reference external systems by ID rather than detail (e.g. “Zendesk #5042” not the full conversation)
- Write factually — “customer received product on date X, dispute filed on date Y” rather than “this customer is committing fraud”
- Add notes whenever you take a discretionary action — future you will want to remember why
- Review notes during quarterly audits — they’re the institutional memory of your moderation team