GDPR & Data Privacy Compliance

Overview

Data privacy regulations like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and similar laws worldwide require businesses to protect personal data and respect individual privacy rights. Post Affiliate Pro includes comprehensive privacy features that help you meet these compliance requirements while running an effective affiliate program.

This page covers the key privacy and data protection features available in Post Affiliate Pro to help you understand how to configure your affiliate program for data privacy compliance.

Data Anonymization Features

Anonymize Transaction Data Fields Plugin

The Anonymize Transaction Data Fields plugin allows you to mask sensitive information in transaction data fields when displaying them to affiliates. This is particularly useful when transaction data contains customer emails, names, or other personal information that affiliates should not see in full.

The plugin provides granular control over how data is anonymized:

  • Apply to all affiliates or specific groups - You can choose to apply anonymization to all affiliates, only to a specific list of included affiliates, or to all affiliates except those you explicitly exclude.

  • Email address masking options:

    • Hide the part before the @ sign (e.g., ***@example.com)
    • Hide the part after the @ sign (e.g., john.doe@***)
    • Hide only the second half of the hidden portion for partial visibility
  • Character-based hiding:

    • Show only the first X characters
    • Show only the last X characters
    • Hide the first X characters
    • Hide the last X characters

For example, an email like john.doe@example.com could be displayed as joh***@example.com or ***@***.com depending on your configuration.

The plugin supports all five transaction data fields (Data 1 through Data 5), each with independent anonymization settings. This flexibility allows you to apply different masking rules based on what type of information each field contains.
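
The masking rules above, sketched as an added example (not Post Affiliate Pro's code) so you can preview what each rule leaves visible on sample values before assigning one per field. The rule names, the fixed `***` mask, masking the whole value when X covers it, and masking fields that have no rule are all assumptions of this sketch; the page does not say how the plugin handles those cases.

```javascript
// Added illustration of the rule list above; not the plugin's implementation.
// Rule names and the fixed "***" mask are assumptions made for this sketch.
const MASK = '***';

// Character-based rules. When X would leave nothing hidden (or nothing shown),
// the whole value is masked, so "show first 3" never reveals a 3-letter name.
function maskChars(value, rule, x) {
  const s = String(value);
  if (x <= 0 || x >= s.length) return MASK;
  switch (rule) {
    case 'showFirst': return s.slice(0, x) + MASK;
    case 'showLast': return MASK + s.slice(-x);
    case 'hideFirst': return MASK + s.slice(x);
    case 'hideLast': return s.slice(0, -x) + MASK;
    default: throw new Error('unknown rule: ' + rule);
  }
}

// Email rules split on the last "@". A value with no usable "@" is masked
// whole instead of being passed through unmasked.
function maskEmail(value, rule) {
  const s = String(value);
  const at = s.lastIndexOf('@');
  if (at <= 0 || at === s.length - 1) return MASK;
  if (rule === 'hideBeforeAt') return MASK + '@' + s.slice(at + 1);
  if (rule === 'hideAfterAt') return s.slice(0, at) + '@' + MASK;
  throw new Error('unknown rule: ' + rule);
}

// Independent rule per transaction data field. In this sketch a field without
// a rule is masked whole, so a newly used field is not exposed by default.
function applyFieldRules(tx, rules) {
  const shown = {};
  for (const [field, value] of Object.entries(tx)) {
    shown[field] = rules[field] ? rules[field](value) : MASK;
  }
  return shown;
}

// Constructed sample transaction and rule set (not real data).
const sampleTx = { data1: 'john.doe@example.com', data2: 'ORD-2024-88213', data3: 'Ann' };
const sampleRules = {
  data1: (v) => maskEmail(v, 'hideBeforeAt'),
  data2: (v) => maskChars(v, 'showLast', 4),
  data3: (v) => maskChars(v, 'showFirst', 3),
};
console.log(applyFieldRules(sampleTx, sampleRules));
```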

How to Configure Data Anonymization

  1. Navigate to Configuration > Plugins in your merchant panel
  2. Enable the “Anonymize Transaction Data Fields” plugin
  3. Click Configure to access the plugin settings
  4. Select which affiliates should see anonymized data
  5. For each data field (1-5), configure the appropriate masking rules
  6. Save your settings

IP Address Hiding and Masking

Hide IP Addresses Plugin

The Hide IP Addresses plugin provides comprehensive control over IP address visibility throughout Post Affiliate Pro. IP addresses are considered personal data under GDPR and similar regulations, making this feature essential for privacy compliance.

You can configure IP hiding separately for different contexts:

  • Affiliate Panel - Hide visitor IP addresses from affiliates viewing their clicks and transactions
  • Network Merchant Panel - Hide IP addresses from network merchants in multi-tier network setups
  • Merchant Panel (Owner) - Hide IP addresses even from merchant administrators
  • Affiliate IP Addresses - Hide the registration and login IP addresses of affiliates themselves

When enabled, the plugin removes IP address columns and filters from:

  • Clicks grid and reports
  • Transactions grid and reports (including first click IP and last click IP)
  • Affiliate manager and affiliate lists
  • Login history
  • Audit logs
  • Visit logs and visitor affiliate records

This comprehensive approach ensures that IP addresses cannot be accessed through any interface when hiding is enabled for a particular user role.

Configuring IP Address Privacy

  1. Go to Configuration > Plugins in your merchant panel
  2. Enable the “Hide IP Addresses” plugin
  3. Click Configure to access settings
  4. Check the appropriate boxes for each context where you want to hide IP addresses
  5. Save your configuration

Affiliate Data Export (Right to Access)

Under GDPR Article 15 (Right of Access) and Article 20 (Right to Data Portability), individuals have the right to receive their personal data in a structured, commonly used format. Post Affiliate Pro supports this through comprehensive data export capabilities.

Exporting Affiliate Data

Post Affiliate Pro provides multiple ways to export affiliate data:

Affiliate Data Export - Export complete affiliate records including:

  • User ID and referral ID
  • Registration and approval dates
  • Personal information (name, email, contact details)
  • Custom profile fields (Data 1-25)
  • Account status and settings
  • Payout options and minimum payout thresholds
  • Login history and statistics

Transaction Export - Export transaction history including:

  • Commission records and amounts
  • Order details and product information
  • Click and conversion data
  • Payment records and payout history

CSV Format - All exports are provided in standard CSV format that can be opened in spreadsheet applications or imported into other systems, satisfying the data portability requirement.

Using the Export Feature

  1. Navigate to Affiliates > Affiliate manager
  2. Select the affiliate whose data you need to export
  3. Use the Export function to download affiliate data
  4. For bulk exports, use the import/export functionality in Tools

Affiliate Data Deletion (Right to be Forgotten)

GDPR Article 17 establishes the Right to Erasure, commonly known as the “right to be forgotten.” Post Affiliate Pro provides robust affiliate deletion functionality to help you comply with these requests.

Deletion Confirmation Process

For added security and compliance, Post Affiliate Pro offers optional email confirmation for affiliate deletions:

  1. Deletion Notification - When enabled, the system sends an email notification when an affiliate deletion is initiated
  2. Deletion Confirmation Required - When enabled, the deletion requires explicit confirmation via a link in the email before it proceeds

This two-step process helps prevent accidental or unauthorized deletions and provides an audit trail of deletion requests.

The notification email includes:

  • The affiliate’s complete profile information
  • Statistics that will be deleted (clicks, transactions, commissions)
  • A confirmation link (if confirmation is required)
  • Details about who initiated the deletion and when

What Gets Deleted

When you delete an affiliate, the following data is removed:

  • Affiliate user record and profile information
  • Associated account user records
  • Authentication credentials
  • User tree relationships
  • Payout option configurations

Depending on your configuration, you can also choose to delete or retain:

  • Historical transaction and commission records
  • Click and impression statistics

Deletion via API

For automated compliance workflows, affiliate deletion is also available through the Post Affiliate Pro API. The v3 API provides a DELETE /affiliates/{id} endpoint that:

  • Returns 204 status for immediate deletion
  • Returns 202 status when deletion is pending email confirmation
  • Respects your notification and confirmation settings
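
One way to drive this endpoint from an erasure-request workflow, as an added example rather than Post Affiliate Pro's client code: a 202 is recorded as still pending, so a request is not closed until the e-mail confirmation has gone through. The base URL, the bearer-token header, the ticket fields and the `fetchImpl` hook are assumptions; the page documents only the path and the 204/202 meanings.

```javascript
// Added example, not vendor code. Only DELETE /affiliates/{id} and the
// 204/202 meanings come from the page; base URL and auth scheme are assumed.
function interpretDeleteStatus(status) {
  if (status === 204) return 'erased';               // deleted immediately
  if (status === 202) return 'pending_confirmation'; // waits for the e-mail link
  return 'failed';                                   // anything else: not erased
}

// ticket: { id, affiliateId } from your request tracker (hypothetical shape).
// cfg: { baseUrl, token, fetchImpl } where fetchImpl defaults to global fetch.
async function requestErasure(ticket, cfg) {
  const doFetch = cfg.fetchImpl || globalThis.fetch;
  // Encode the id: it may originate from a user-submitted request and must
  // not be able to change the path that is called.
  const url = cfg.baseUrl + '/affiliates/' + encodeURIComponent(ticket.affiliateId);
  let status = null;
  let state = 'failed';
  try {
    const res = await doFetch(url, {
      method: 'DELETE',
      headers: { Authorization: 'Bearer ' + cfg.token }, // assumed auth scheme
    });
    status = res.status;
    state = interpretDeleteStatus(status);
  } catch (err) {
    // Network failure: leave the request open so it is retried, not closed.
  }
  // Evidence record for the request file; the token is deliberately left out.
  return {
    ticketId: ticket.id,
    affiliateId: ticket.affiliateId,
    status,
    state,
    closed: state === 'erased',
    at: new Date().toISOString(),
  };
}
```

Records with `state` equal to `pending_confirmation` need a follow-up check before the statutory deadline, since the affiliate's data still exists until the link is used.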

Affiliate tracking in Post Affiliate Pro uses cookies to track visitor journeys from affiliate clicks to conversions. Under GDPR and ePrivacy regulations, you may need to obtain consent before placing tracking cookies.

Types of Cookies Used

Post Affiliate Pro creates several cookies for tracking purposes:

  • PAPVisitorId - The primary tracking cookie that stores the visitor’s unique identifier
  • First-party cookies - Stored on your domain for basic tracking
  • Third-party cookies - Used for cross-domain tracking scenarios
  • HTML5 Local Storage - Used as a backup when cookies are blocked

To comply with cookie consent requirements:

  1. Add a cookie consent banner to your website that informs visitors about tracking cookies
  2. Only load the tracking code after obtaining consent (if required by your jurisdiction)
  3. Provide opt-out mechanisms for visitors who withdraw consent
  4. Document your cookie usage in your privacy policy

Post Affiliate Pro’s tracking code can be conditionally loaded based on consent status using your consent management platform.
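
A consent gate for the steps above, as an added example (not Post Affiliate Pro's tracking snippet): the tracking script is injected only after consent, and withdrawal expires the PAPVisitorId cookie. The script URL, the storage key list and the `doc`/`store` parameters (pass `document` and `localStorage` in a browser) are assumptions; wire `grant` and `withdraw` to your consent management platform's callbacks.

```javascript
// Added example, not vendor code. Only the PAPVisitorId cookie name comes
// from the page; opts.trackerSrc and opts.storageKeys are placeholders that
// the integrator supplies from their own installation.
function createConsentGate(doc, store, opts) {
  const storageKeys = opts.storageKeys || [];
  let scriptEl = null;
  return {
    // Call from the consent platform's "accepted" callback.
    grant() {
      if (scriptEl) return false; // already injected, never load twice
      scriptEl = doc.createElement('script');
      scriptEl.src = opts.trackerSrc;
      scriptEl.async = true;
      doc.head.appendChild(scriptEl);
      return true;
    },
    // Call when the visitor declines or later withdraws consent.
    withdraw() {
      if (scriptEl && scriptEl.parentNode) scriptEl.parentNode.removeChild(scriptEl);
      scriptEl = null;
      // Expires the first-party cookie for path "/". A cookie that was set
      // with a Domain attribute must be expired with the same Domain, and a
      // cookie on another domain cannot be cleared from this page at all.
      doc.cookie = 'PAPVisitorId=; Max-Age=0; path=/';
      // Clear the local-storage backup so the identifier is not restored.
      storageKeys.forEach((key) => store.removeItem(key));
    },
    loaded() {
      return scriptEl !== null;
    },
  };
}
```

Removing the script element does not stop code that has already run, so a withdrawal takes full effect from the next page load, when `grant` is no longer called.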

Alternative Tracking Methods

For situations where cookie consent is not obtained, consider these alternatives:

Data Retention Settings

Managing how long data is retained is an important aspect of data privacy compliance. Post Affiliate Pro provides several mechanisms for controlling data retention.

Automatic Data Cleanup

Post Affiliate Pro includes automated tasks for managing data retention:

  • Group Old Clicks/Impressions - Older click and impression data can be aggregated to reduce storage while maintaining statistical accuracy
  • Log Cleanup - System logs can be configured to automatically purge after a specified period
  • User Agent Cleanup - Detailed browser information can be cleaned up periodically

You can control how long tracking cookies remain valid:

  • Default cookie lifetime is 60 days
  • Cookie lifetime can be configured per campaign
  • Shorter cookie lifetimes reduce the period of data collection

Configuring Retention Policies

Work with your data protection officer or legal team to determine appropriate retention periods for:

  • Affiliate personal data
  • Transaction records
  • Click and impression logs
  • System logs and audit trails

Then configure Post Affiliate Pro’s cleanup tasks and cookie settings accordingly.

Privacy Policy Integration

Communicating your data practices to affiliates and customers is a key compliance requirement.

Affiliate Agreement Terms

When affiliates sign up, you can require them to agree to terms that include:

  • What personal data you collect
  • How their data will be used
  • Their rights regarding their data
  • Data retention periods
  • How to exercise their privacy rights

Customer Privacy Disclosures

Your customer-facing privacy policy should disclose:

  • The use of affiliate tracking cookies
  • What data is collected during the tracking process
  • How long tracking cookies are valid
  • How to opt out of tracking

Audit Trail and Compliance Documentation

The Audit Log feature in Post Affiliate Pro helps maintain compliance documentation by recording:

  • All changes to affiliate records
  • Commission approvals and modifications
  • System configuration changes
  • User actions and access patterns

This audit trail can be invaluable when responding to regulatory inquiries or demonstrating compliance with data protection requirements.

Additional Security Features

Post Affiliate Pro includes additional security features that support overall data protection:

Summary

Post Affiliate Pro provides a comprehensive set of privacy and data protection features to help you run a GDPR-compliant affiliate program:

| Feature | Privacy Benefit |
| --- | --- |
| Data Anonymization | Mask sensitive customer data from affiliates |
| IP Address Hiding | Remove IP addresses from reports and logs |
| Data Export | Support right to access and data portability |
| Data Deletion | Enable right to be forgotten requests |
| Cookie Management | Configure tracking cookie lifetime |
| Audit Logging | Maintain compliance documentation |
| 2-Step Verification | Protect accounts and personal data |

By properly configuring these features, you can balance effective affiliate program management with respect for individual privacy rights and regulatory compliance requirements.

Frequently asked questions

Is Post Affiliate Pro GDPR compliant?

Yes, Post Affiliate Pro provides multiple built-in features to help you achieve GDPR compliance, including data anonymization, IP address hiding, affiliate data export and deletion capabilities, and configurable data retention settings.

Can affiliates request their personal data from Post Affiliate Pro?

Yes, Post Affiliate Pro supports the right of access and the right to data portability by allowing you to export complete affiliate data, including profile information, transaction history, and payout details, in standard formats like CSV.

How can I delete an affiliate's data to comply with the right to be forgotten?

Post Affiliate Pro provides affiliate deletion functionality through the merchant panel and API. When you delete an affiliate, you can configure whether to require email confirmation from an administrator, ensuring proper oversight of data deletion requests.

Can I hide IP addresses for privacy compliance?

Yes, the Hide IP Addresses plugin allows you to hide visitor and affiliate IP addresses from different user roles including affiliates, network merchants, and merchant panel owners. IP addresses can be hidden in clicks, transactions, affiliate records, login history, and audit logs.
