Privacy Security And Compliance

Privacy Domains

Privacy exporters include:

CommerceDataExporter
FinancialComplianceDataExporter
CustomerProfileDataExporter
AccessDataExporter
LicensePrivacyDataService
LicensePrivacyDomainDataExporter

Eraser behavior includes:

  • Cancelling open subscriptions.
  • Deleting addresses.
  • Deleting notes.
  • Anonymizing logs.
  • Anonymizing payment methods.
  • Anonymizing magic links.
  • Anonymizing order checkout context.
  • Anonymizing transactions.
  • Anonymizing license sites and events where allowed.

Security Headers

Security headers include:

Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
Content-Security-Policy
Referrer-Policy
Permissions-Policy

Secret Redaction Helper

function my_awc_redact(array $payload): array {
    foreach ([
        'license_key',
        'site_secret',
        'bootstrap_token',
        'package_token',
        'secret_key',
        'webhook_secret',
    ] as $key) {
        if (array_key_exists($key, $payload)) {
            $payload[$key] = '[redacted]';
        }
    }

    return $payload;
}

Safe Redirect Filter

add_filter('awecommerce_magic_link_destination', function ($default_url, $purpose, $row) {
    $target = home_url('/account/');

    return wp_validate_redirect($target, $default_url);
}, 10, 3);

Do Not Put Secrets In

logs
admin notices
email templates
passive metadata
static manifests
canonical packages
public JavaScript
frontend HTML
customer-visible audit data

License Key Caveat

AweCommerce stores a lookup hash and encrypted full key material for reveal workflows. On a self-hosted WordPress site, the key material and decryption ability are on the same server. Treat a full server compromise as capable of exposing stored keys.

Was this documentation helpful?