By default, Saleor handles several aspects of the regulations introduced by the GDPR.
A user account can be deleted from the dashboard level by a staff user. This action is processed immediately.
Users are also able to request their account to be deleted, from the storefront level, on their user profile settings. In such case, a confirmation email is sent to the email address associated with the account.
Deleting a user removes their account instance. All data used for the checkout process are left untouched. This is to keep track of financial transaction.
This solution follows the GDPR regulations.
All cookies used by Saleor are strictly necessary to move around the website and use its features, therefore there is no need to notify the users about them.
We recommend that you ensure your policies are kept up to date and are clear to your readers.