What Data Is Collected
The short version
Customer History records a deliberately small amount of data: which pages people view, a few WooCommerce actions (search, add-to-cart, order), and the customer and order details WooCommerce already holds. It does not profile the browser, fingerprint visitors, or look anyone up against an external service. Everything stays in your own database.
On-site activity
For each recorded page view, one row is written with:
- Page — the path the visitor is on.
- WordPress user ID — if they’re logged in (guests are recorded without one).
- Referrer — the address they arrived from, stored exactly as the browser reports it (it is not classified into “organic / social / email”).
- Session identifier — groups the page views in a single visit.
- IP address — stored as-is.
- Timestamp — adjusted to your site’s timezone.
About IP addresses
IP addresses are stored as received — there is no built-in IP-anonymization or “don’t store IPs” setting. If your privacy policy requires anonymized IPs, account for that in how you operate the plugin.
Searches, cart, and orders
A few specific WooCommerce actions are logged in the same activity feed:
- On-site searches — the keyword a shopper searched for.
- Add to cart — the product (and quantity) added.
- Completed orders — linked back to the WooCommerce order.
Product and category “views” are read from these page-path rows — there’s no separate per-product dwell-time or click-path capture.
Customer & order details
Profiles are built from data WooCommerce and WordPress already store — Customer History reads it, it doesn’t re-collect it:
- Name, username, email, and WordPress role.
- Billing country/region and website from the customer’s account.
- Orders, order status, totals, products purchased, refunds, and lifetime spend.
The country shown on a profile is the customer’s WooCommerce billing address — it is not derived from their IP address.
Abandoned carts Pro
With Pro’s abandoned-cart tracking enabled, an additional record is kept per cart:
- Cart contents, item count, and value.
- Status (active, abandoned, recovered, completed) with timestamps.
- The billing email, if the shopper enters it at checkout.
- IP address and the raw user-agent string for that cart.
What isn’t collected
Just as important as what’s recorded is the long list of things that are not:
- No browser profiling — no device type, operating system, browser name, or screen resolution. (A raw user-agent string is kept only on Pro abandoned-cart records and when flagging a bot; it is never parsed into device or browser stats.)
- No location lookup — no country, region, or city derived from the IP, and no browser timezone.
- No marketing attribution — no UTM/campaign parsing and no traffic-source classification.
- No derived session metrics — entry/exit page, session duration, page count, time-on-product, search-result counts, and clicked search results are not stored.
- Never captured — passwords, payment-card details, form-field contents, keystrokes, or mouse movement.
Where it’s stored & who can see it
- Location: custom tables in your own WordPress database — nothing is sent to an external server or API.
- Access: the reports live in wp-admin and are limited to users who can manage WooCommerce (store administrators and shop managers).
Data retention
In the free version, recorded activity is kept until you remove it — there’s no automatic expiry. Pro adds tools under Customer History → Settings to export your activity data or empty the tables (including deleting a chosen date range), plus automatic cleanup of old abandoned-cart records.
GDPR & your data
Because everything is self-hosted, there are no third-party processors to account for. The plugin works with WordPress’s built-in personal-data export and erase tools, and Pro’s abandoned-cart records integrate with WooCommerce’s personal-data export/erase. For the full privacy picture, see Self-Hosted Data, Privacy & GDPR.
Still need a hand?
Can’t find the answer here? Send a note and the founder will help.
Contact support