Compliance
Compliance & Privacy
This guide covers the skill-testing question feature, free entry route, GDPR compliance, and legal considerations for running raffles.
Skill-testing questions
In many Canadian jurisdictions and other regions, paid raffles and contests require entrants to answer a skill-testing question before they can participate. Raffle for WooCommerce includes a built-in skill question system.
How it works
- A random question from the pool is displayed on the product page.
- The customer must answer correctly before adding the ticket to cart.
- The answer is validated server-side using secure hashing (the correct answer is never exposed in page source).
- A new random question is shown on each page load.
Enabling skill questions
Global setting
- Go to WooCommerce → Settings → Raffle → Compliance.
- Check Enable Skill-Testing Question.
- Configure your Question Pool (see below).
- Save changes.
Per-product override
Each raffle product can override the global setting:
- Edit your raffle product.
- Go to Raffle Settings tab → Compliance section.
- Set Skill-Testing Question to:
- Save the product.
Question pool
The question pool is managed in the global settings (WooCommerce → Settings → Raffle → Compliance).
Each question has:
| Field | Description |
|---|---|
| Question | The question text displayed to the customer |
| Type | Text (free text answer) or Multiple Choice (radio buttons) |
| Correct Answer | The answer that must be matched |
| Choices | For multiple choice: one option per line |
Adding questions
- Click "+ Add Question" in the Question Pool section.
- Enter the question text.
- Choose a type:
- Enter the correct answer.
- For multiple choice, enter all options (one per line), including the correct answer.
- Click Save changes.
Example questions
| Question | Type | Answer |
|---|---|---|
| What is 5 + 3? | Text | 8 |
| What is the capital of Canada? | Multiple Choice | Ottawa |
| Solve: 12 ÷ 4 = ? | Text | 3 |
| Which planet is closest to the Sun? | Multiple Choice | Mercury |
Custom per-product questions
Instead of using the global pool, a product can have its own question:
- Edit raffle product → Raffle Settings → Compliance.
- Set Question Source to "Custom".
- Enter the question, type, answer, and choices.
- Save the product.
Security
- The correct answer is stored as a
wp_hash()in a hidden field, never visible in page source. - Server-side validation uses
hash_equals()for timing-safe comparison. - Each page load shows a random question from the pool.
- Multiple choice options are shuffled randomly.
Frontend display
When enabled, the skill question appears above the add-to-cart button. If both skill questions and free entry are enabled, the question appears in the "Paid Entry" tab only.
- A red asterisk indicates the question is required.
- The hint text "Answering the skill-testing question correctly is required to participate." appears below the question.
- HTML5
requiredattribute provides client-side validation.
Free entry route
In jurisdictions where "no purchase necessary" alternatives are legally required, the free entry feature provides a mail-in or alternative entry option.
How it works
When enabled, the product page shows two tabs:
- Paid Entry: The normal add-to-cart form (with skill question if enabled).
- Free Entry: Instructions for entering without purchasing.
Enabling free entry
Global setting
- Go to WooCommerce → Settings → Raffle → Compliance.
- Check Enable Free Entry Route.
- Edit the Free Entry Instructions text.
- Save changes.
Per-product override
- Edit your raffle product → Raffle Settings → Compliance.
- Set Free Entry Route to "Yes", "No", or "Use global setting".
- Optionally enter custom instructions for this product.
- Save the product.
Store address placeholder
The free entry instructions support a [Your Address] placeholder that is automatically replaced with your WooCommerce store address.
Example instruction text:
To enter without purchase, hand-print your name, address, phone number,
and email on a plain piece of paper and mail it to: [Your Address]The store address is built from your WooCommerce → Settings → General address fields (street, city, postcode, country).
Frontend display
- The free entry tab displays only the instruction text, no add-to-cart form.
- Skill-testing question requirements apply only to the paid entry tab.
- The tab UI is clean and uses accessible tab navigation.
GDPR compliance
Raffle for WooCommerce is designed with privacy in mind and integrates with WordPress's built-in privacy tools.
Personal data we collect
When customers purchase raffle tickets, we store:
| Data Type | Purpose | Retention |
|---|---|---|
| Name | Ticket holder identification | Until order deleted |
| Notifications, winner contact | Until order deleted | |
| Ticket Numbers | Entry tracking | Until raffle deleted |
| Purchase Date | Audit trail | Until order deleted |
Gift purchase data
For gift purchases, additional data is collected:
| Data Type | Purpose |
|---|---|
| Recipient Name | Ticket holder |
| Recipient Email | Gift notification |
| Gift Message | Personal message |
Personal data export
WordPress includes a built-in personal data export tool:
- Go to Tools → Export Personal Data
- Enter the customer's email address
- Click Send Request
- Customer confirms via email
- Download includes all raffle ticket data
Exported data includes:
- All ticket numbers owned
- Raffle names participated in
- Winner records (if any)
- Gift relationships
Personal data erasure
WordPress includes a built-in personal data erasure tool:
- Go to Tools → Erase Personal Data
- Enter the customer's email address
- Click Send Request
- Customer confirms via email
- Personal data is anonymized
Important notes:
- Winner records are anonymized (not deleted) for audit purposes
- Ticket numbers are retained with anonymized holder info
- Gift messages are removed
- Email addresses are hashed
Privacy policy suggestions
The plugin automatically adds suggested privacy policy text:
- Go to Settings → Privacy
- Click Policy Guide tab
- Find "Raffle for WooCommerce" section
- Copy suggested text to your Privacy Policy
Suggested text covers:
- What raffle data is collected
- How data is used
- Gift purchase data handling
- Data retention periods
- User rights
Audit trail
All raffle activities are logged for transparency and compliance:
Logged events
| Event | Details Captured |
|---|---|
| Ticket Created | Ticket number, raffle, purchaser |
| Ticket Cancelled | Reason, timestamp |
| Ticket Reactivated | Order restored from cancelled |
| Winner Selected | Method, ticket, timestamp |
| Prize Fulfilled | Prize type, recipient |
| Ticket Validated | Location, validator |
Accessing logs
Audit logs are stored in the rfwc_log database table. Access via:
- Ticket Scanner - Recent validations
- Analytics - Activity summary
- Database - Full audit trail
Log retention
Logs are retained indefinitely by default. You can manually clean old logs via database management tools if needed.
Legal considerations
Disclaimer: This is general information, not legal advice. Consult a lawyer for your specific situation.
Raffle vs lottery vs sweepstakes
| Type | Purchase Required? | Winner Selection | Typical Legality |
|---|---|---|---|
| Raffle | Yes (ticket purchase) | Random | Varies by jurisdiction |
| Lottery | Yes | Random | Usually government-only |
| Sweepstakes | No | Random | Generally allowed |
| Contest | No | Skill-based | Generally allowed |
Canadian compliance
In Canada, the Competition Act requires:
- A skill-testing question for promotional contests.
- A no purchase necessary (free entry) alternative.
Charity raffles
In many jurisdictions, charity raffles are legal if:
- Run by registered non-profit
- Proceeds go to charitable purpose
- Proper licensing obtained
- Rules clearly stated
Commercial raffles
Commercial raffles (for-profit) are restricted or prohibited in many areas:
- Check local laws before running
- Consider "no purchase necessary" alternatives
- Consult legal counsel
Recommended practices
- Clear Rules
- Age Restrictions
- Geographic Restrictions
- Winner Verification
- Tax Compliance
Random.org integration
For provably fair draws:
Why use Random.org?
- True random numbers from atmospheric noise
- Independent third-party verification
- Public audit trail
- Removes any perception of bias
Setup
- Get API key at random.org/api
- Enter in WooCommerce → Settings → Raffle
- Select "Random.org" when drawing winners
Verification
Random.org provides:
- Unique serial numbers for each draw
- Verification URLs
- Independent confirmation
Best practices checklist
Before running a raffle
- Check local laws and regulations
- Obtain necessary licenses/permits
- Write clear official rules
- Update privacy policy
- Set up age/geographic restrictions
- Configure Random.org for transparency
- Enable skill-testing question (if required by jurisdiction)
- Enable free entry route (if "no purchase necessary" is required)
During the raffle
- Monitor for suspicious activity
- Answer participant questions promptly
- Keep records of all transactions
- Document any issues
After the raffle
- Draw winners using documented method
- Verify winner eligibility
- Notify winners promptly
- Fulfill prizes on time
- File required tax documents
- Retain records for required period
Data security
Database security
Ticket data is stored in custom WordPress database tables:
- Protected by WordPress authentication
- Accessible only to authorized admins
- Backed up with your WordPress backups
API security
- Random.org API calls are HTTPS encrypted
- API keys stored securely in WordPress options
- No sensitive data transmitted externally
PDF security
- PDF tickets contain QR codes for validation
- Each ticket has unique identifier
- Validation prevents duplicate use