What Order Daemon stores
Order Daemon stores three categories of data:
| Category | What is stored | Where |
|---|---|---|
| Rules | Triggers, conditions, actions, status, labels, priority | WordPress CPT (odcm_order_rule) with post meta |
| Audit log | Event summaries, condition results, action outcomes, order ID, timestamp | odcm_audit_log and odcm_audit_log_payloads tables |
| Plugin options | Settings, display preferences, licence status | WordPress options table |
The audit log records operational data – what happened and why – not customer profile data. A typical log entry contains: rule name, trigger type, which conditions passed or failed, the action executed, and the WooCommerce order ID. It does not contain full customer records.
Nothing is sent to external servers by the free plugin. Pro licence validation sends only your licence key and site URL to orderdaemon.com – it does not transmit order or customer data.
GDPR considerations
Personal data in the audit log
Log entries reference order IDs. Because WooCommerce orders contain personal data (billing name, email, address), the audit log is considered personal data under GDPR if you can use the order ID to identify an individual.
Data minimisation
Avoid embedding customer names or emails in rule names, condition labels, or order notes added by automation rules. Use order IDs and generic labels instead. Keep rule configuration generic – it reduces the surface area of personally identifiable data in your logs.
Data subject requests
When a customer requests erasure, use WooCommerce’s built-in GDPR tools to handle the order record. If you need to remove associated audit log entries, use the batch delete action on the Insight Dashboard to delete entries by order ID.
Retention
The audit log grows continuously. Define a retention period that fits your operational needs – typically 30–90 days is sufficient for troubleshooting. Order Daemon Pro includes log retention settings that can automatically remove entries older than a configured threshold.
Note: This page is not legal advice. For compliance decisions specific to your business, consult your legal team and data protection officer.
Access control
Access to the Insight Dashboard and all rule management screens requires the manage_woocommerce capability (Administrator or Shop Manager role). Customers and Subscribers cannot access audit log data.
Data that leaves your server
| Scenario | Data sent | Destination |
|---|---|---|
| MailerLite integration | Billing email, optionally billing name, order ID, order total | MailerLite API |
| Outgoing webhooks Pro | Payload configured in the webhook rule action | Your configured endpoint |
| Licence validation Pro | Licence key, site URL | orderdaemon.com |
| WP-Cron ping | None (GET request only) | cron-job.org or your server cron |
For each integration you configure, review the privacy policy of the receiving service.