DataFirefly Account Delete GDPR

GDPR Article 17 — Account Deletion and Right to Erasure for Your Customers

Allow your customers to exercise their right to erasure directly from their account area. Secure email confirmation, anonymization that respects the 10-year accounting retention requirement, automatic unsubscribe on Mailchimp, Brevo, and Mailjet.

PrestaShop 8 · PrestaShop 9 · GDPR Article 17 · Multilingual (FR, EN, ES, DE)
  • 30-day refund
  • 12 months updates
  • 24h support

v1.0.0 · updated 2026-05-16

What it does

The short version.

01

GDPR Article 17 Compliance

Turnkey right to erasure with double opt-in email confirmation to prevent accidental or malicious deletions.

02

Smart Anonymization

If the customer has orders, their personal data is anonymized (mandatory 10-year accounting retention). Otherwise, full deletion is possible.

03

3 Newsletter Platforms

Automatic unsubscribe on Mailchimp (GDPR-grade permanent deletion), Brevo, and Mailjet. Extensible architecture to add Sendgrid, Mailerlite, or HubSpot.

04

GDPR Processing Log

Every request is tracked with a SHA-256 hash of the email and of the IP address. Proof of processing is retained even after the module is uninstalled.

05

PrestaShop 8 and 9

One module for both major versions. Standard hooks, no external dependencies, code maintained over time.

06

Multilingual 4 Languages

Email templates and customer interface in French, English, Spanish, and German ready to use upon installation.

The long version

Everything you'd want to know before you install.

A detailed look at how DataFirefly Account Delete GDPR works, why we built it the way we did, and the thinking behind the features above.

§ 01

Why this module is essential

Since 2018, GDPR has required any company processing personal data of European citizens to allow its users to exercise their right to erasure (Article 17). PrestaShop does not provide this functionality natively: the administrator must handle each request manually, delete the account on the shop side, then remove the email from each newsletter platform one by one. This is time-consuming, error-prone, and risky in the event of a CNIL audit. This module fully automates the process, from the customer's request to unsubscription from third-party newsletter platforms.

§ 02

Two modes: anonymization or full deletion

The module offers two operating modes. In anonymization mode (recommended), the customer's personal data is replaced with anonymous values: their name becomes Anonymized, their email becomes a unique internal identifier, their addresses are scrubbed (but kept if linked to orders). Orders remain intact to comply with the French accounting retention requirement of 10 years, in accordance with article L123-22 of the Commercial Code. In deletion mode, the account is entirely erased if no orders exist; otherwise the module automatically switches to anonymization so as not to break the legal history.

§ 03

Secure email confirmation

To prevent accidental or malicious deletions, the module sends a confirmation email containing a unique link with a cryptographic token. The token is 32 bytes generated with random_bytes, then encoded as a 64-character hexadecimal string. Only its SHA-256 hash is stored in the database, never the token in clear text. The link expires after a configurable period (24 hours by default). The customer must also validate their password before the confirmation email is sent: this blocks deletion attempts by a third party who has access to an open session.
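
The token scheme described above, as an added PHP example that is not the module's own code: it issues a 32-byte token, keeps only its SHA-256 digest, and rejects malformed, replayed or expired tokens. The class name, method names, in-memory array (standing in for the database table) and the single-use behaviour are assumptions; the password check that precedes the email is left out.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical names, in-memory array standing in for the database table.
final class ErasureTokenStore
{
    /** @var array<string, array{customer:int, expires:int}> keyed by SHA-256 of the token */
    private array $pending = [];
    private int $ttl;

    public function __construct(int $ttlSeconds = 86400) // 24 hours, the default stated on the page
    {
        $this->ttl = $ttlSeconds;
    }

    /** Returns the clear-text token for the emailed link; only its digest is kept. */
    public function issue(int $customerId, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 32 CSPRNG bytes -> 64 hex characters
        $this->pending[hash('sha256', $token)] = ['customer' => $customerId, 'expires' => $now + $this->ttl];
        return $token;
    }

    /** Returns the customer id for a valid, unexpired token, otherwise null. */
    public function redeem(string $token, int $now): ?int
    {
        // Reject malformed input before hashing it.
        if (preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
            return null;
        }
        $digest = hash('sha256', $token);
        if (!isset($this->pending[$digest])) {
            return null;
        }
        $row = $this->pending[$digest];
        unset($this->pending[$digest]); // assumed single use: consumed whether or not it expired
        return $now <= $row['expires'] ? $row['customer'] : null;
    }
}

// Constructed demo values: customer 42 and a fixed clock.
$store = new ErasureTokenStore();
$t0 = 1700000000;
$token = $store->issue(42, $t0);
var_dump($store->redeem($token, $t0 + 3600));  // first use, inside the window
var_dump($store->redeem($token, $t0 + 3700));  // same link used again
$late = $store->issue(42, $t0);
var_dump($store->redeem($late, $t0 + 86401));  // one second past expiry
```

Because the lookup key is the digest, a leaked copy of the table does not yield usable confirmation links.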

§ 04

Detailed newsletter integrations

Three platforms are supported as standard. For Mailchimp, the endpoint used is POST on lists/{list_id}/members/{hash}/actions/delete-permanent, which permanently deletes the subscriber and prevents any future resubscription with this email (the true right to be forgotten under GDPR). An option allows you to switch to simple archiving if you prefer. For Brevo (formerly Sendinblue), it is DELETE on v3/contacts/{email} which removes the contact from all lists. If you enter a List ID, the contact is only removed from this specific list instead of being deleted entirely. For Mailjet, the module uses the official GDPR endpoint DELETE v4/contacts/{id} after lookup of the contact identifier. Each provider has a Test Connection button in the back office to validate the configuration before going to production.

§ 05

Extensible architecture to add other platforms

Newsletter providers follow a Strategy pattern with a PHP interface DataFirefly/AccountDelete/ProviderInterface. Adding Sendgrid, Mailerlite, HubSpot, ActiveCampaign, or any other platform only requires creating a class extending AbstractProvider with four methods: isEnabled, getKey, deleteSubscriber, and testConnection. The class is then referenced in DataFirefly/AccountDelete/Service::getProviders. No other modification of the module is necessary. The README documentation shipped with the module details a complete example.

§ 06

GDPR processing log

Every request is recorded in the ps_dfad_log table with only pseudonymized data: SHA-256 hash of the email (never the email in clear text), SHA-256 hash of the requester's IP, internal customer identifier, mode applied (anonymization or deletion), list of providers contacted with their HTTP return code, truncated user agent, shop identifier, and UTC timestamp. This log serves as proof of processing in the event of a CNIL audit or dispute with a customer. It is deliberately not deleted when the module is uninstalled, to preserve this proof over time.

§ 07

All data cleaned

In addition to anonymizing the customer account itself, the module cleans many related tables: ps_emailsubscription and ps_newsletter (native PrestaShop unsubscribe), ps_cart and ps_cart_product (non-ordered carts), ps_wishlist and ps_wishlist_product (wishlist if the native module is active), ps_compare and ps_compare_product (product comparator), ps_customer_thread and ps_customer_message (after-sales service exchanges), ps_guest (guest sessions not linked to orders). Addresses not linked to orders are deleted entirely; those linked to orders are anonymized (firstname, lastname, address1, postcode, city, phone replaced with neutral values).