# opengento/module-gdpr

> Gdpr Compliance Module for Magento 2

`composer require opengento/module-gdpr`

Canonical URL: https://packagento.com/opengento/module-gdpr

## At a glance

- **Vendor**: opengento (https://packagento.com/opengento.md)
- **Latest version**: 4.4.3 — released 2025-07-23
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/opengento/module-gdpr and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require opengento/module-gdpr:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Gdpr Compliance Module for Magento 2

## README

[![Latest Stable Version](https://img.shields.io/packagist/v/opengento/module-gdpr.svg?style=flat-square)](https://packagist.org/packages/opengento/module-gdpr)
[![License: MIT](https://img.shields.io/github/license/opengento/magento2-gdpr.svg?style=flat-square)](./LICENSE) 
[![Packagist](https://img.shields.io/packagist/dt/opengento/module-gdpr.svg?style=flat-square)](https://packagist.org/packages/opengento/module-gdpr/stats)
[![Packagist](https://img.shields.io/packagist/dm/opengento/module-gdpr.svg?style=flat-square)](https://packagist.org/packages/opengento/module-gdpr/stats)
[![Codacy Badge](https://img.shields.io/codacy/grade/e43739589ae249a58b4af6dfcd9c555a?style=flat-square)](https://www.codacy.com/gh/opengento/magento2-gdpr)

This extension fulfill the GDPR requirements for Magento 2.

 - [Setup](#setup)
   - [Composer installation](#composer-installation)
   - [Setup the module](#setup-the-module)
 - [Features](#features)
 - [Settings](#settings)
 - [Documentation](#documentation)
 - [Support](#support)
 - [Authors](#authors)
 - [License](#license)

### Setup

Magento 2 Open Source or Commerce edition is required.

#### Composer installation

Run the following composer command:

```
composer require opengento/module-gdpr
```

#### Setup the module

Run the following magento command:

```
bin/magento setup:upgrade
```

**If you are in production mode, do not forget to recompile and redeploy the static resources.**

### Features

**See the [screenshots](https://opengento.fr/magento2-gdpr/features) of the module's features.**

#### Users, guest and customer can:

* **[Art. 16 GDPR](https://gdpr-info.eu/art-16-gdpr/)** Edit their personal data (native in vanilla)

* **[Art. 17 GDPR](https://gdpr-info.eu/art-17-gdpr/)**
  * Customers can use their 'right to be forgotten'. Account deletion and anonymization can be done in 'My Account > Privacy Settings'.
    The password is required to ensure the customer legibility.
    The account will be erased within 1 hour, or as specified in configuration. The customer can undo the action in this time span.
  * Guest users can use their 'right to be forgotten'. Account deletion and anonymization can be done in the order view,
    they must fill the guest form first to show their order.
    The data will be erased within 1 hour, or as specified in the configuration. The guest can undo the action is this time spare.
  * The customers and guests will be erased after a configurable idle time.
  * The sales information are locked within a configurable time. These information are automatically erased after this period.
  
  As a merchant you can easily manage which type of entity must to be delete or anonymize. In the last case, 
the module allows to define which attribute must to be anonymize, and how it is.

Times are configurable too, you can define the period of cancellation for the erasure, 
the idle time for the users before they are erase, and the sales information lifetime.
  
* **[Art. 20 GDPR](https://gdpr-info.eu/art-20-gdpr/)**
  * Customers can export their data in `.zip` archive containing file, `.html` (many others are available), with personal data.
    Personal data export can be done in 'My Account > Privacy Settings'.
  * Guest users can export their data in `.zip` archive containing file, `.html` (many others are available), with personal data.
    Personal data export can be done in the order view, they must fill the guest form first to show their order.
* Cookie Policy in a disclosure popup are shown at the first time customer visit.

#### Details:

- [x] Erasure: delete or anonymize specific data thanks to configurable settings in admin ui.
- [x] Configure which order can be erased, regarding their state and life time.
- [x] Privacy data will be automatically erased after a delay.
- [x] Sales data are safely keeped till the preservation delay expired.
- [x] Choose the file name and the format of your choice for the privacy data export.
- [x] Choose which data is interpreted as privacy data and will be exported.
- [x] Actions related to the GDPR compliance are reported in the admin ui.
- [x] Merchants can execute and keep an eye on the performed actions from the admin ui.
- [x] Choose the CMS static block to show on the storefront by scope and features.
- [x] Enable or disable features for the storefront.
- [x] Notify the user when a GDPR action is performed, configure the template and sending settings.
- [x] Display the cookie disclosure pop-in and edit its content as you want.

#### Languages:

**Open contributions to translations can be done with [transifex](https://www.transifex.com/opengento/opengentomagento2-gdpr/).**

- [x] bg_BG ; Bulgarian
- [x] de_DE ; German
- [x] en_US ; English
- [x] fr_FR ; French
- [x] it_IT ; Italian
- [x] nl_NL ; Dutch
- [x] pl_PL ; Polish
- [x] th_TH ; Thai
- [x] da_DK ; Danish

*Many thanks to the translators who contributed directly here or with transifex!*

### Settings

The configuration for this module is available in 'Stores > Configuration > GDPR Compliance'.  

### Documentation

The documentation is available [here](https://opengento.fr/magento2-gdpr/).

### Support

Raise a new [request](https://github.com/opengento/magento2-gdpr/issues) to the issue tracker.

### Authors

- **Opengento Community** - *Lead* - [![Twitter Follow](https://img.shields.io/twitter/follow/opengento.svg?style=social)](https://twitter.com/opengento)
- **Thomas Klein** - *Maintainer* - [![GitHub followers](https://img.shields.io/github/followers/thomas-kl1.svg?style=social)](https://github.com/thomas-kl1)
- **Contributors** - *Contributor* - [![GitHub contributors](https://img.shields.io/github/contributors/opengento/magento2-gdpr.svg?style=flat-square)](https://github.com/opengento/magento2-gdpr/graphs/contributors)

### License

This project is licensed under the MIT License - see the [LICENSE](./LICENSE) details.

***That's all folks!***

## Recent Versions

| Version | Released |
|---|---|
| 4.4.3 | 2025-07-23 |
| 5.0.0-beta1 | 2024-08-28 |
| 4.4.2 | 2024-01-30 |
| 4.4.1 | 2023-03-16 |
| 4.4.0 | 2022-09-05 |
| 4.3.0 | 2022-08-13 |
| 4.2.3 | 2022-06-07 |
| 4.2.2 | 2022-05-16 |
| 4.2.1 | 2022-05-04 |
| 4.2.0 | 2022-04-29 |

Showing 10 of 44 versions. Full release history on https://packagento.com/opengento/module-gdpr.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| ext-zip | * |
| magento/framework | ^103.0 |
| magento/module-backend | ^101.0\|\|^102.0 |
| magento/module-cms | ^103.0\|\|^104.0 |
| magento/module-config | ^101.1 |
| magento/module-cookie | ^100.0 |
| magento/module-customer | ^102.0\|\|^103.0 |
| magento/module-email | ^101.0 |
| magento/module-newsletter | ^100.4 |
| magento/module-quote | ^101.1 |
| magento/module-review | ^100.3 |
| magento/module-sales | ^102.0\|\|^103.0 |
| magento/module-theme | ^101.0 |
| php | ^7.4\|\|^8.0 |
| tecnickcom/tcpdf | ^6.4 |

### Require (dev)

| Package | Constraint |
|---|---|
| magento/magento-coding-standard | ^5 |
| magento/marketplace-eqp | ^4.0 |
| roave/security-advisories | dev-master |

## Quality

Latest release (4.4.3) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Fail | 523 | 158 errors, 365 warnings (ruleset: Magento2) — 6 auto-fixable with phpcbf |
| PHPMD | Warning | 2 | 2 rule violations (MissingImport:2) |
| Cpd | Warning | 3 | 3 duplicated chunks spanning 99 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Pass | 0 |  |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 28 | 28 | – | – |
| 2.4.8 | – | 28 | 28 | – |
| 2.4.9 | – | – | 28 | 28 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | N/A | 0 | no resolvable dependency tree to audit — Your requirements could not be resolved to an installable set of packages. Problem 1 |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["opengento/module-gdpr"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

opengento is a Magento 2 vendor on Packagento. See https://packagento.com/opengento.md for their full catalogue.

