GDPR / TCPA compliance

CartBounty helps to save abandoned carts and uses customer personal data to send abandoned cart reminders. A lot of thought and effort has been put into making sure cart abandonment messages deliver great customer experience. CartBounty is respectful of customer personal data and takes privacy very seriously. This guide is designed to help safely use CartBounty in compliance with GDPR and TCPA regulations.

1. Background

About GDPR

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.

CartBounty integrates with built-in WordPress privacy features which allows it to be fully compliant with the GDPR requirements, e.g., allowing users the right to access their data, delete it, export etc.

About TCPA

The Telephone Consumer Protection Act (TCPA) is used in the United States and it limits the use of automated SMS text messages, prerecorded voice messages etc. without the recipient’s prior consent.

While TCPA specifies several requirements, here are the main ones which apply to CartBounty SMS text message reminders:

  • Collect explicit prior written consent from customer before sending a message
  • Inform customers what kind of text messages will they be receiving
  • Honor opt-out requests sent through any channel
  • Avoid sending text messages during quiet hours from 21:00 to 08:00 in the message recipient’s time zone

2. Privacy policy update

Before starting to save abandoned carts and sending reminders, please make sure your store visitors can access privacy policy and it is up to date. We have outlined the main sections you might want to include in your Privacy policy and provided suggestions that might be necessary. Please use our privacy policy suggestions to create a comprehensive privacy policy document and consult your legal team. Follow these steps to update store’s privacy policy:

  1. Go to your WordPress dashboard > Settings > Privacy
  2. Switch to Policy guide tab
  3. Open CartBounty privacy policy and make sure to use this information to update privacy policy
WordPress privacy policy guide
WordPress privacy policy guide

Privacy policy guidance provided by CartBounty is there so you could inform your visitors how their personal data is used, what information is saved, what are the reasons for saving it, how long it will be kept, ways to delete etc. All of this is necessary to be compliant with GDPR.

3. Sending email reminders

CartBounty saves and stores user data to send abandoned cart reminder emails and improve user experience during checkout process by remembering user input.

Abandoned cart reminder emails are considered to be transactional emails because a user that added a product to the shopping cart showed an intention to buy. Transactional emails are direct one-to-one emails with personalized information regarding a transaction a customer did or started on a site and these emails include:

  • Order confirmations
  • Delivery updates
  • After purchase receipts
  • Cart abandonment reminders

Therefore CartBounty does not require to collect consent from the customers to send abandoned cart recovery emails (the same as Shopify does it). However, this does not apply to SMS text message reminders.

4. Sending SMS text message reminders

To comply with GDPR and TCPA rules while sending abandoned cart reminder text messages, store owners should know how to collect customer consent, what should be included in the reminder message and when it can be sent. Please follow these steps to make sure you are compliant:

  1. Make sure store’s privacy policy is updated
  2. Opt-in customers to receive abandoned cart SMS text messages
  3. Include an opt-out option in your text message
  4. Enable quiet hours so you would not disturb customers during their sleep

5. Opt-in customers for text messages

CartBounty allows an easy way to collect customer consent about text messages both during WooCommerce checkout and in tools like Exit Intent and Early capture. Please follow these steps to enable it.

  1. Go to your WordPress dashboard > WooCommerce > CartBounty Pro
  2. Open Settings tab
  3. Enable phone number consent
  4. Use the “Save settings” button

From now on, text messages will be sent out only to those abandoned cart users who have provided their consent. This does not in any way affect email reminders and they will continue to be working as before.

Please make sure to clear cache after enabling this and check your WooCommerce checkout form to see if the phone consent checkbox is under phone input field.

WooCommerce checkout form after enabling phone number consent
WooCommerce checkout form after enabling phone number consent

By enabling phone number consent collection in the settings, it will also automatically be applied to CartBounty provided efficiency tools, e.g., Exit Intent and Early capture which offer excellent ways to easily collect both customer consent and phone number data.

Example of a phone number consent request inside Early capture
Example of a phone number consent request inside Early capture

Please note that this guide is not a legal advisory and you should not rely on it as a legal advice. We recommend consulting with your legal team to make sure you are fully compliant with all the rules and regulations that apply to your business and country. We reserve the right to change this guide at any time without notice.

What’s next

Now that you have taken care of privacy policy and compliance with regulations, you might be interested in the following topics:

Last updated 4 months ago

Support

Need premium support for CartBounty Pro?

Please use the button below, reply to your purchase receipt or contact us with e-mail including your license key. This will guarantee a faster response time.

Get Premium support
CartBounty