Privacy & GDPR
LicenceForge provides built-in support for the General Data Protection Regulation (GDPR) and other privacy regulations through integration with the WordPress privacy tools framework. This page covers data export, data erasure, IP hashing, and the available REST API endpoints for privacy operations.
WordPress Privacy Tools. LicenceForge hooks into the WordPress personal data exporter and eraser system introduced in WordPress 4.9.6. Privacy requests initiated through Tools > Export Personal Data or Tools > Erase Personal Data automatically include LicenceForge data.
Data Export
When a data export request is processed for an email address, LicenceForge's
WPLF_Privacy::export_personal_data() method collects and returns all associated data.
Exported Data
The following data categories are included in the export:
| Category | Fields |
|---|---|
| License Data | Product name, license status, customer name, customer email, activation limit, expiry date |
| Active Sites | Site origin URLs currently activated against each license |
| Audit Log | Last 100 audit log entries associated with the customer's licenses |
// Programmatic data export
$export_data = WPLF_Privacy::export_personal_data( '[email protected]' );
// Returns an array of data groups suitable for the WordPress exporter
Manual JSON Export
Administrators can also trigger a manual JSON export using the
export_to_json() method. This produces a downloadable JSON file containing the same
data as the WordPress privacy export.
// Manual JSON export
$json = WPLF_Privacy::export_to_json( '[email protected]' );
// Returns a JSON string ready for download
Customer Portal Export
Customers can export their own data directly from the customer portal using the
export_data action. This does not require admin intervention and returns the same data
set as the admin-initiated export.
Data Erasure
When a data erasure request is processed, WPLF_Privacy::erase_personal_data()
anonymises or deletes all personal data associated with the given email address. The process is
designed to be thorough while preserving non-personal business records for accounting purposes.
Erasure Actions
The following actions are performed during data erasure:
| Data | Action |
|---|---|
| Customer name | Replaced with anonymised placeholder |
| Customer email | Replaced with anonymised placeholder |
| License status | Set to cancelled |
| Site origins | Anonymised (original URLs removed) |
| Audit log (IP hashes) | Removed from all entries |
| Audit log (site hints) | Removed from all entries |
| Analytics data | Deleted entirely |
// Programmatic data erasure
$result = WPLF_Privacy::erase_personal_data( '[email protected]' );
// Returns: [ 'items_removed' => int, 'items_retained' => int, 'done' => bool ]
Erasure is irreversible. Once personal data has been anonymised, it cannot be recovered. The license record itself is retained in an anonymised state for business record-keeping, but all personally identifiable fields are permanently overwritten.
REST API Endpoints
Administrators can trigger data export and erasure operations programmatically via the REST API. Both endpoints require admin-level authentication.
Export Endpoint
POST /wp-json/wplf/v1/admin/privacy/export
Content-Type: application/json
{
"email": "[email protected]"
}
Returns a JSON object containing all exportable data for the specified email address.
Erasure Endpoint
POST /wp-json/wplf/v1/admin/privacy/erase
Content-Type: application/json
{
"email": "[email protected]"
}
Returns a summary of items removed and retained.
Authentication required. Both endpoints require a valid administrator nonce or
API key with admin privileges. Unauthenticated requests will receive a 401 response.
IP Address Hashing
Under GDPR, IP addresses are classified as personal data. LicenceForge never stores IP addresses
in plaintext. Instead, all IPs are hashed using SHA-256 and
truncated to 16 characters via WPLF_Crypto::hash_ip().
How It Works
- The raw IP address is received from the incoming request.
- It is immediately passed through hash( 'sha256', $ip ).
- The resulting 64-character hex string is truncated to 16 characters.
- Only the truncated hash is stored in the database (audit log, rate limiting records).
// IP hashing implementation
$hashed = substr( hash( 'sha256', $raw_ip ), 0, 16 );
// e.g., "192.168.1.100" becomes a 16-character hex string such as "a1b2c3d4e5f67890" (illustrative value, not the actual digest)
Implications
- The hash is one-way — the original IP cannot be recovered.
- The same IP always produces the same hash, enabling rate limiting and abuse detection.
- The 16-character truncation further reduces the likelihood of reversal through brute force.
- During data erasure, IP hashes are removed from audit log entries entirely.
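The scheme above, as an added example (not LicenceForge's source): `page_hash_ip()` reproduces the expression shown on this page, while `keyed_hash_ip()`, `match_in_range()`, the secret and the sample address range are assumptions made for illustration. Because the hash shown here is unsalted and IPv4 has only 2^32 addresses, a stored value can be compared against candidate addresses, so it is safer to treat it as a pseudonym than as anonymous data. An HMAC under a server-side secret keeps the stable identifier needed for rate limiting while removing that comparison for anyone who lacks the secret.

```php
<?php
// Added example, not LicenceForge source code.

// Same expression as shown on this page for WPLF_Crypto::hash_ip().
function page_hash_ip( string $ip ): string {
    return substr( hash( 'sha256', $ip ), 0, 16 );
}

// Hypothetical alternative: HMAC-SHA-256 under a secret kept outside the database.
function keyed_hash_ip( string $ip, string $key ): string {
    return substr( hash_hmac( 'sha256', $ip, $key ), 0, 16 );
}

// Hypothetical helper: hash every address in "$prefix.0/24" and return the one
// whose digest equals $stored, or null when none does.
function match_in_range( string $stored, string $prefix, callable $hasher ): ?string {
    for ( $host = 0; $host <= 255; $host++ ) {
        $candidate = $prefix . '.' . $host;
        if ( hash_equals( $stored, $hasher( $candidate ) ) ) {
            return $candidate;
        }
    }
    return null;
}

// Constructed sample values.
$raw_ip = '192.168.1.100';
$secret = random_bytes( 32 );

$stored_plain = page_hash_ip( $raw_ip );
$stored_keyed = keyed_hash_ip( $raw_ip, $secret );

// A reader of the audit table needs nothing but the public hash function
// to test candidate addresses against an unkeyed value.
$plain_match = match_in_range( $stored_plain, '192.168.1', 'page_hash_ip' );

// The same comparison against the keyed value, made without the secret.
$keyed_match = match_in_range( $stored_keyed, '192.168.1', 'page_hash_ip' );

// The application holds the secret, so equal IPs still map to equal values
// and rate limiting keeps working.
$stable = hash_equals( $stored_keyed, keyed_hash_ip( $raw_ip, $secret ) );

printf( "unkeyed match: %s\n", $plain_match ?? 'none' );
printf( "keyed match without secret: %s\n", $keyed_match ?? 'none' );
printf( "keyed value stable for application: %s\n", $stable ? 'yes' : 'no' );
```

If a keyed variant is adopted, rotating or destroying the secret also severs the link between old audit entries and any address, which complements the erasure behaviour described on this page.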
Data Retention Summary
| Data Type | Storage Method | Retention | Erasure Behaviour |
|---|---|---|---|
| Customer name/email | Plaintext | Until erasure request | Anonymised |
| License records | Database rows | Indefinite (anonymised) | Cancelled and anonymised |
| Site origins | Plaintext URLs | Until deactivation or erasure | Anonymised |
| IP addresses | SHA-256 hash (16 chars) | With audit log entries | Removed |
| Audit log | Database rows | Indefinite | IP hashes and site hints removed |
| Analytics data | Database rows | Until erasure request | Deleted |
Privacy by design. LicenceForge collects only the minimum data necessary for licensing operations. IP hashing, automatic WordPress privacy tool integration, and customer self-service export all contribute to a privacy-first architecture. See Best Practices for additional recommendations on data handling.