GDPR Compliance

Saleor handles few aspects of the GDPR regulation by default.

Deleting users

A user account can be deleted from the dashboard, by a staff user. This action takes place immediately.

From the storefront, a user can request his account deletion from within his profile settings, in such case, a confirmation email will be sent to the email address associated with the account.

Deleting a user will delete his account instance, but will leave all the data used for the checkout process untouched, for the financial record. This behavior is in accordance with the GDPR regulations.


All cookies used by Saleor are strictly necessary to move around the website and use its features, therefore there’s no need to notify the users about them.

Manual actions required

Privacy Policy and Terms of Service

Make sure your Terms of Service or Privacy Policy properly communicate to your users who you are and how you are using their data. We recommend you ensure your policies are up to date and clear to your readers.