Privacy Domains
Privacy exporters include:
CommerceDataExporter
FinancialComplianceDataExporter
CustomerProfileDataExporter
AccessDataExporter
LicensePrivacyDataService
LicensePrivacyDomainDataExporter
Eraser behavior includes:
- Cancelling open subscriptions.
- Deleting addresses.
- Deleting notes.
- Anonymizing logs.
- Anonymizing payment methods.
- Anonymizing magic links.
- Anonymizing order checkout context.
- Anonymizing transactions.
- Anonymizing license sites and events where allowed.
Security Headers
Security headers include:
Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
Content-Security-Policy
Referrer-Policy
Permissions-Policy
Secret Redaction Helper
function my_awc_redact(array $payload): array {
foreach ([
'license_key',
'site_secret',
'bootstrap_token',
'package_token',
'secret_key',
'webhook_secret',
] as $key) {
if (array_key_exists($key, $payload)) {
$payload[$key] = '[redacted]';
}
}
return $payload;
}
Safe Redirect Filter
add_filter('awecommerce_magic_link_destination', function ($default_url, $purpose, $row) {
$target = home_url('/account/');
return wp_validate_redirect($target, $default_url);
}, 10, 3);
Do Not Put Secrets In
logs
admin notices
email templates
passive metadata
static manifests
canonical packages
public JavaScript
frontend HTML
customer-visible audit data
License Key Caveat
AweCommerce stores a lookup hash and encrypted full key material for reveal workflows. On a self-hosted WordPress site, the key material and decryption ability are on the same server. Treat a full server compromise as capable of exposing stored keys.