GDPR extension - data retention

An extension for Store Builder and Multi-Vendor closes a GDPR compliance gap that is easy to forget. The built-in GDPR module in CS-Cart anonymizes data only for registered customers, while orders placed by guests, without creating an account, carry a full set of personal data: first name, last name, address, phone, and email. Our add-on takes over those orders, lets you anonymize them by hand or in bulk, and above all introduces a retention policy that keeps watch on its own, so data older than the defined period disappears without any staff involvement.

Key Features

- Guest order anonymization in a single click, right from the order details, while transaction history stays intact for accounting.

- Bulk anonymization of many orders and customers at once, straight from the list, without opening each record separately.

- An automatic retention policy in a cron job that finds and anonymizes data older than the defined period on its own.

- A configurable retention period and a list of excluded statuses, so orders in progress stay untouched.

- Test mode enabled by default, which lets you check the behavior before anything is changed in the database.

- A full operation history with a statistics panel, ready for a regulatory inspection or a GDPR audit.

It all starts with a single setting. In the Data Retention tab you define how many years after a customer's last activity their data should be anonymized, and right next to it you point out the order statuses you want to keep out of that rule:

Screenshot 1: configuring the retention period and excluded statuses

The other half of the setup is automation. Here you decide whether cron should anonymize guest orders, registered customer accounts, or both, and the test mode enabled by default lets you run the whole thing dry before it changes anything:

Screenshot 2: CRON automation settings with test mode enabled

The management panel shows the scale of the task at a glance. Two counters tell you how many guest orders and how many customer accounts are awaiting anonymization, and a single button lets you run the whole process by hand, without waiting for cron:

Screenshot 3: the management panel with anonymization candidate counters

A single guest order is handled in the place you know best. The Anonymize item appears in the order actions menu, shown only where it makes sense, next to a guest order that has not been processed yet:

Screenshot 4: the anonymize button in the guest order action menu

Once the operation is done, the same order looks completely different. The first name, last name, addresses, and phone number are replaced with anonymous values, the email takes a neutral form, and the menu shows a clear Anonymized label instead of the button:

Screenshot 5: the order after anonymization, personal data replaced

Every operation is recorded. Once the candidates are processed, the counters return to zero, and the operation history fills with entries showing the date, the entity type, the action taken, and the trigger source, ready to present during an inspection:

Screenshot 6: the anonymization operation history for audit purposes

SS GDPR Extended closes the most often overlooked gap in a store's GDPR compliance, the personal data in guest orders. It combines manual anonymization of single orders, bulk operations, and a fully automatic retention policy, while test mode and status exclusions protect against accidental data loss. Everything runs alongside the built-in GDPR module, with no system file changes, and the full operation history gives you peace of mind in case of an inspection.

Feel free to contact us and purchase the add-on!