Restrict Content Pro stores very little personal information about your members. The following details are collected and stored when creating a user account:
- Username
- Email address
- Password
- First name (if provided)
- Last name (if provided)
These are fields built into the WordPress core and are stored in the wp_users and wp_usermeta tables.
Restrict Content Pro does not store any billing or card details. If using a payment gateway that allows users to input card details on your site (such as Stripe), the information is sent directly to your chosen payment gateway and stored there. If using PayPal Standard or Express, billing/card details will not be asked for on your site whatsoever; PayPal handles that entire process.
Restrict Content Pro does not store IP addresses, though in some cases the user's IP may be sent to the payment processor, or Google too if you're using reCAPTCHA.
Deleting Accounts And Personal Data
You can delete a user's account through the Users > All Users page in the admin area. Deleting an account also deletes any corresponding data stored in the wp_usermeta table, including the user's membership status, expiration date, and notes. If the user has a recurring subscription you will first want to cancel that to ensure the user is not billed again.
When an account is deleted, the corresponding payments are not deleted from Restrict Content Pro. However, the payments do not contain any personal information.
Deleting data from inside WordPress does not delete the user's information in the payment gateway. For example, customer information and saved cards will not be removed from Stripe. This will have to be deleted through the payment gateway's interface.
Handling Data Erasure Requests For GDPR
When processing a confirmed data erasure request for a user, we recommend the following flow:
- Navigate to Restrict > Members and search for the user's email address. If they have a membership the user will appear in the table. Click to edit the user and change their status to "Cancelled". If the user has a recurring subscription, you'll be asked if you also want to cancel the subscription at the payment gateway. Check this on then save the user. This will cancel the subscription and ensure the user is no longer billed.
- Fulfill the erasure request in Tools > Erase Personal Data. This will delete personal information added by plugins and anonymize the user's comments.
- Finally, delete the user's account in Users > All Users. This will permanently delete the account and associated Restrict Content Pro membership information.
Payments will not be deleted when you follow these steps, but once the user's account has been deleted they do not contain any personal information. If you wish to delete them anyway, go to Restrict > Payments and enter the user's email address in the search box. This will show you all payments made by that user and you may then delete them.