Compliance

Compliance & Privacy

This guide covers the skill-testing question feature, free entry route, GDPR compliance, and legal considerations for running raffles.

Skill-testing questions

In many Canadian jurisdictions and other regions, paid raffles and contests require entrants to answer a skill-testing question before they can participate. Raffle for WooCommerce includes a built-in skill question system.

How it works

When a raffle uses the global question pool, a question is randomly assigned on the first customer visit and pinned permanently to that product. This ensures postal (free entry) participants always see the same question.
The customer must answer correctly before adding the ticket to cart.
The answer is validated server-side using secure hashing (the correct answer is never exposed in page source).

Enabling skill questions

Global setting

Go to WooCommerce → Settings → Raffle → Compliance.
Check Enable Skill-Testing Question.
Configure your Question Pool (see below).
Save changes.

Per-product override

Each raffle product can override the global setting:

Edit your raffle product.
Go to Raffle Settings tab → Compliance section.
Set Skill-Testing Question to:

- Use global setting: Follow the global toggle. - Yes: Always require, regardless of global. - No: Disable for this product only.

Save the product.

Question pool

The question pool is managed in the global settings (WooCommerce → Settings → Raffle → Compliance).

Each question has:

Field	Description
Question	The question text displayed to the customer
Type	`Text` (free text answer) or `Multiple Choice` (radio buttons)
Correct Answer	The answer that must be matched
Choices	For multiple choice: one option per line

Scroll to see all columns →

Adding questions

Click "+ Add Question" in the Question Pool section.
Enter the question text.
Choose a type:

- Text: Customer types the answer. Compared case-insensitively. - Multiple Choice: Customer selects from shuffled options. Choices are randomized on each page load.

Enter the correct answer.
For multiple choice, enter all options (one per line), including the correct answer.
Click Save changes.

Example questions

Question	Type	Answer
What is 5 + 3?	Text	8
What is the capital of Canada?	Multiple Choice	Ottawa
Solve: 12 ÷ 4 = ?	Text	3
Which planet is closest to the Sun?	Multiple Choice	Mercury

Scroll to see all columns →

Custom per-product questions

Instead of using the global pool, a product can have its own question:

Edit raffle product → Raffle Settings → Compliance.
Set Question Source to "Custom".
Enter the question, type, answer, and choices.
Save the product.

Pinned question management

On the raffle product edit screen, a searchable "Pinned question" dropdown lets admins:

Browse and select a specific question from the global pool.
Leave it on auto-assign for automatic selection on the first customer visit.

This is useful when you want to control exactly which question appears on a specific raffle.

Compliance audit trail

When a customer answers a skill-testing question and adds a ticket to cart, the following data is saved as order item meta:

Question text
Answer type (text or multiple choice)
Pass result (correct/incorrect)
Timestamp

This data is displayed in the admin order's Raffle Information metabox for audit and compliance purposes.

Time limit

Add a countdown timer to the skill question.

Go to WooCommerce → Settings → Raffle → Compliance.
Set Time Limit (seconds) to the number of seconds (e.g., 60 for one minute).
Leave empty or 0 for no time limit.

When configured:

A countdown timer appears next to the question text (e.g., "(45s)").
The timer turns red when 10 seconds remain.
When time expires, all answer inputs and the add-to-cart button are disabled.
A message prompts the customer to refresh the page for a new attempt.

Best for: Preventing customers from looking up answers online. A 30–60 second limit works well for simple math or knowledge questions.

Max attempts

Limit how many wrong answers a customer can submit per product.

Go to WooCommerce → Settings → Raffle → Compliance.
Set Max Attempts Per Product (e.g., 3).
Leave empty or 0 for unlimited attempts.

When configured:

Each wrong answer increments a counter tracked per customer email (or IP address for guests) and product.
After exceeding the limit, the add-to-cart form is disabled with a lockout message.
Attempts are tracked using WordPress transients with a 24-hour expiry.

Best for: Preventing brute-force guessing, especially with multiple-choice questions that have few options.

Multiple choice display

Choose how multiple-choice answer options are presented.

Go to WooCommerce → Settings → Raffle → Compliance.
Set Multiple Choice Display to "Radio buttons" or "Dropdown select".

Mode	Description
Radio buttons	All options visible at once (default). Best for 2-4 choices.
Dropdown select	Options in a `<select>` dropdown. Best for 5+ choices or to save space.

Scroll to see all columns →

Security

The correct answer is stored as a wp_hash() in a hidden field, never visible in page source.
Server-side validation uses hash_equals() for timing-safe comparison.
Questions from the global pool are pinned per product for consistency.
Multiple choice options are shuffled randomly on each page load.
Time limit is enforced client-side (countdown) but incorrect answers are always validated server-side.
Attempt tracking uses customer email where available, falling back to IP address for anonymous guests.

Frontend display

When enabled, the skill question appears above the add-to-cart button. If both skill questions and free entry are enabled, the question appears in the "Paid Entry" tab and the question text is also displayed in the "Free Entry" tab so postal entrants know which question to answer in their mail entry.

A red asterisk indicates the question is required.
The hint text "Answering the skill-testing question correctly is required to participate." appears below the question.
HTML5 required attribute provides client-side validation.
If a time limit is set, a countdown timer appears next to the question.
If max attempts is configured and the customer is locked out, the form is disabled with a message.

Free entry route

In jurisdictions where "no purchase necessary" alternatives are legally required, the free entry feature provides a mail-in or alternative entry option.

How it works

When enabled, the product page shows two tabs:

Paid Entry: The normal add-to-cart form (with skill question if enabled).
Free Entry: Instructions for entering without purchasing.

Enabling free entry

Global setting

Go to WooCommerce → Settings → Raffle → Compliance.
Check Enable Free Entry Route.
Edit the Free Entry Instructions text.
Save changes.

Per-product override

Edit your raffle product → Raffle Settings → Compliance.
Set Free Entry Route to "Yes", "No", or "Use global setting".
Optionally enter custom instructions for this product.
Save the product.

Store address placeholder

The free entry instructions support a [Your Address] placeholder that is automatically replaced with your WooCommerce store address.

Example instruction text:

To enter without purchase, hand-print your name, address, phone number,
and email on a plain piece of paper and mail it to: [Your Address]

The store address is built from your WooCommerce → Settings → General address fields (street, city, postcode, country). The postal address is automatically highlighted with bold text and a subtle green background tint for better visibility.

Frontend display

The free entry tab displays the instruction text with no add-to-cart form.
If skill-testing questions are enabled, the question text is shown in the free entry tab so postal entrants know what to answer.
The tab UI is clean and uses accessible tab navigation.

Raffle for WooCommerce is designed with privacy in mind and integrates with WordPress's built-in privacy tools.

Personal data we collect

When customers purchase raffle tickets, we store:

Data Type	Purpose	Retention
Name	Ticket holder identification	Until order deleted
Email	Notifications, winner contact	Until order deleted
Ticket Numbers	Entry tracking	Until raffle deleted
Purchase Date	Audit trail	Until order deleted

Scroll to see all columns →

Gift purchase data

For gift purchases, additional data is collected:

Data Type	Purpose
Recipient Name	Ticket holder
Recipient Email	Gift notification
Gift Message	Personal message

Scroll to see all columns →

Personal data export

WordPress includes a built-in personal data export tool:

Go to Tools → Export Personal Data
Enter the customer's email address
Click Send Request
Customer confirms via email
Download includes all raffle ticket data

Exported data includes:

All ticket numbers owned
Raffle names participated in
Winner records (if any)
Gift relationships

Personal data erasure

WordPress includes a built-in personal data erasure tool:

Go to Tools → Erase Personal Data
Enter the customer's email address
Click Send Request
Customer confirms via email
Personal data is anonymized

Important notes:

Winner records are anonymized (not deleted) for audit purposes
Ticket numbers are retained with anonymized holder info
Gift messages are removed
Email addresses are hashed

Privacy policy suggestions

The plugin automatically adds suggested privacy policy text:

Go to Settings → Privacy
Click Policy Guide tab
Find "Raffle for WooCommerce" section
Copy suggested text to your Privacy Policy

Suggested text covers:

What raffle data is collected
How data is used
Gift purchase data handling
Data retention periods
User rights

Audit trail

All raffle activities are logged for transparency and compliance:

Logged events

Event	Details Captured
Ticket Created	Ticket number, raffle, purchaser
Ticket Cancelled	Reason, timestamp
Ticket Reactivated	Order restored from cancelled
Winner Selected	Method, ticket, timestamp
Prize Fulfilled	Prize type, recipient
Ticket Validated	Location, validator

Scroll to see all columns →

Accessing logs

Audit logs are stored in the rfwc_log database table. Access via:

Ticket Scanner - Recent validations
Analytics - Activity summary
Database - Full audit trail

Log retention

Logs are retained indefinitely by default. You can manually clean old logs via database management tools if needed.

Legal considerations

Disclaimer: This is general information, not legal advice. Consult a lawyer for your specific situation.

Raffle vs lottery vs sweepstakes

Type	Purchase Required?	Winner Selection	Typical Legality
Raffle	Yes (ticket purchase)	Random	Varies by jurisdiction
Lottery	Yes	Random	Usually government-only
Sweepstakes	No	Random	Generally allowed
Contest	No	Skill-based	Generally allowed

Scroll to see all columns →

Canadian compliance

In Canada, the Competition Act requires:

A skill-testing question for promotional contests.
A no purchase necessary (free entry) alternative.

Raffle for WooCommerce provides both features to help you comply.

Charity raffles

In many jurisdictions, charity raffles are legal if:

Run by registered non-profit
Proceeds go to charitable purpose
Proper licensing obtained
Rules clearly stated

Commercial raffles

Commercial raffles (for-profit) are restricted or prohibited in many areas:

Check local laws before running
Consider "no purchase necessary" alternatives
Consult legal counsel

Recommended practices

Clear Rules

- Publish official rules - State eligibility requirements - Explain how winners are selected - List prizes and values

Age Restrictions

- Set minimum age (usually 18+) - Verify age at checkout if needed

Geographic Restrictions

- List excluded regions - Block purchases from restricted areas

Winner Verification

- Verify winner eligibility before awarding - Get release/consent for publicity - Document everything

Tax Compliance

- Winners may owe taxes on prizes - Issue tax forms if required (1099 in US) - Inform winners of tax obligations

Random.org integration

For provably fair draws:

Why use Random.org?

True random numbers from atmospheric noise
Independent third-party verification
Public audit trail
Removes any perception of bias

Setup

Get API key at random.org/api
Enter in WooCommerce → Settings → Raffle
Select "Random.org" when drawing winners

Verification

Random.org provides:

Unique serial numbers for each draw
Verification URLs
Independent confirmation

Best practices checklist

Before running a raffle

Check local laws and regulations
Obtain necessary licenses/permits
Write clear official rules
Update privacy policy
Set up age/geographic restrictions
Configure Random.org for transparency
Enable skill-testing question (if required by jurisdiction)
Enable free entry route (if "no purchase necessary" is required)

During the raffle

Monitor for suspicious activity
Answer participant questions promptly
Keep records of all transactions
Document any issues

After the raffle

Draw winners using documented method
Verify winner eligibility
Notify winners promptly
Fulfill prizes on time
File required tax documents
Retain records for required period

Data security

Database security

Ticket data is stored in custom WordPress database tables:

Protected by WordPress authentication
Accessible only to authorized admins
Backed up with your WordPress backups

API security

Random.org API calls are HTTPS encrypted
API keys stored securely in WordPress options
No sensitive data transmitted externally

PDF security

PDF tickets contain QR codes for validation
Each ticket has unique identifier
Validation prevents duplicate use

Support resources

Settings

Pro Addon