Compliance & Privacy

This guide covers GDPR compliance and legal considerations for running raffles.

GDPR Compliance

Raffle for WooCommerce is designed with privacy in mind and integrates with WordPress's built-in privacy tools.

Personal Data We Collect

When customers purchase raffle tickets, we store:

Data Type	Purpose	Retention
Name	Ticket holder identification	Until order deleted
Email	Notifications, winner contact	Until order deleted
Ticket Numbers	Entry tracking	Until raffle deleted
Purchase Date	Audit trail	Until order deleted

Gift Purchase Data

For gift purchases, additional data is collected:

Data Type	Purpose
Recipient Name	Ticket holder
Recipient Email	Gift notification
Gift Message	Personal message

Personal Data Export

WordPress includes a built-in personal data export tool:

• Go to Tools → Export Personal Data
• Enter the customer's email address
• Click Send Request
• Customer confirms via email
• Download includes all raffle ticket data

Exported data includes:

• All ticket numbers owned
• Raffle names participated in
• Winner records (if any)
• Gift relationships

Personal Data Erasure

WordPress includes a built-in personal data erasure tool:

• Go to Tools → Erase Personal Data
• Enter the customer's email address
• Click Send Request
• Customer confirms via email
• Personal data is anonymized

Important notes:

• Winner records are anonymized (not deleted) for audit purposes
• Ticket numbers are retained with anonymized holder info
• Gift messages are removed
• Email addresses are hashed

Privacy Policy Suggestions

The plugin automatically adds suggested privacy policy text:

• Go to Settings → Privacy
• Click Policy Guide tab
• Find "Raffle for WooCommerce" section
• Copy suggested text to your Privacy Policy

Suggested text covers:

• What raffle data is collected
• How data is used
• Gift purchase data handling
• Data retention periods
• User rights

Audit Trail

All raffle activities are logged for transparency and compliance:

Logged Events

Event	Details Captured
Ticket Created	Ticket number, raffle, purchaser
Ticket Cancelled	Reason, timestamp
Winner Selected	Method, ticket, timestamp
Prize Fulfilled	Prize type, recipient
Ticket Validated	Location, validator

Accessing Logs

Audit logs are stored in the rfw_log database table. Access via:

• Ticket Scanner - Recent validations
• Analytics - Activity summary
• Database - Full audit trail

Log Retention

Logs are retained indefinitely by default. You can manually clean old logs via database management tools if needed.

Legal Considerations

Disclaimer: This is general information, not legal advice. Consult a lawyer for your specific situation.

Raffle vs Lottery vs Sweepstakes

Type	Purchase Required?	Winner Selection	Typical Legality
Raffle	Yes (ticket purchase)	Random	Varies by jurisdiction
Lottery	Yes	Random	Usually government-only
Sweepstakes	No	Random	Generally allowed
Contest	No	Skill-based	Generally allowed

Charity Raffles

In many jurisdictions, charity raffles are legal if:

• Run by registered non-profit
• Proceeds go to charitable purpose
• Proper licensing obtained
• Rules clearly stated

Commercial Raffles

Commercial raffles (for-profit) are restricted or prohibited in many areas:

• Check local laws before running
• Consider "no purchase necessary" alternatives
• Consult legal counsel

Recommended Practices

• Clear Rules

- Publish official rules - State eligibility requirements - Explain how winners are selected - List prizes and values

• Age Restrictions

- Set minimum age (usually 18+) - Verify age at checkout if needed

• Geographic Restrictions

- List excluded regions - Block purchases from restricted areas

• Winner Verification

- Verify winner eligibility before awarding - Get release/consent for publicity - Document everything

• Tax Compliance

- Winners may owe taxes on prizes - Issue tax forms if required (1099 in US) - Inform winners of tax obligations

Random.org Integration

For provably fair draws:

Why Use Random.org?

• True random numbers from atmospheric noise
• Independent third-party verification
• Public audit trail
• Removes any perception of bias

Setup

• Get API key at random.org/api
• Enter in WooCommerce → Settings → Raffle
• Select "Random.org" when drawing winners

Verification

Random.org provides:

• Unique serial numbers for each draw
• Verification URLs
• Independent confirmation

Best Practices Checklist

Before Running a Raffle

• Check local laws and regulations
• Obtain necessary licenses/permits
• Write clear official rules
• Update privacy policy
• Set up age/geographic restrictions
• Configure Random.org for transparency

During the Raffle

• Monitor for suspicious activity
• Answer participant questions promptly
• Keep records of all transactions
• Document any issues

After the Raffle

• Draw winners using documented method
• Verify winner eligibility
• Notify winners promptly
• Fulfill prizes on time
• File required tax documents
• Retain records for required period

Data Security

Database Security

Ticket data is stored in custom WordPress database tables:

• Protected by WordPress authentication
• Accessible only to authorized admins
• Backed up with your WordPress backups

API Security

• Random.org API calls are HTTPS encrypted
• API keys stored securely in WordPress options
• No sensitive data transmitted externally

PDF Security

• PDF tickets contain QR codes for validation
• Each ticket has unique identifier
• Validation prevents duplicate use

Support Resources

• WordPress Privacy Tools
• GDPR Guidelines
• Random.org API Documentation