User data retention on user delete #818
Description
GetPaid Plugin - Data Retention Implementation
Overview
Implement user data retention and anonymization system for GetPaid plugin, complying with UK data retention laws while preserving required invoice data.
Requirements
1. Pre-Deletion Hook
- Hook into
userwp_before_delete_userwith priority 8 - Hook into WordPress's
wp_privacy_personal_data_erasure_request - Check for paid invoices using GetPaid's API
- For users who have active subscriptions, I think we should block user deletion and show a notice like " all active subscriptions should be cancelled first"
- For users with paid invoices, anonymize all data except:
- Full name (billing/shipping)
- Billing/shipping addresses
- VAT number (if exists)
- Company details (if B2B)
- Order/Invoice numbers
- Transaction dates
- Payment amounts
- VAT/Tax information
2. Database Changes
Add to customers table:
3. Anonymization Process
When triggered:
- Set deletion_date to current_date + 10 years
- Update customer record with anonymized data:
- Replace email with hashed version
- Clear phone numbers
- Clear non-essential custom fields
- Mark record as anonymized
- Maintain link between anonymized customer record and their invoices
4. Cleanup Cron Job
- Register daily WP cron job
- Query: SELECT * FROM customers WHERE deletion_date < CURRENT_DATE
- For each expired record:
- Verify 10-year retention period
- Remove customer record
- Maintain invoice records with anonymized data
5. Integration Points
- Hook into UsersWP deletion process (priority 8)
- Hook into WP Privacy/GDPR tools
- Update GetPaid's existing GDPR export functionality
Testing Requirements
- User self-deletion via UsersWP
- Admin user deletion
- GDPR erasure request
- Cron job execution
- Retention of required invoice data
- Proper anonymization of non-required fields
Notes
- Ensure logging of anonymization actions
- Add new privacy policy notes about 10-year retention
- Update admin UI to show anonymization status