When a customer completes their purchase and clicks the success link(s) on your ThriveCart hosted success page, or if you use the custom success page option and have customers redirected to your website post-purchase, ThriveCart sends their order information as part of a query string. This includes personally identifiable information (PII) such as their name, email address, etc. that is collected in checkout.
This is done so that you can customize their experience when they reach your site. You can find more information about the order query string here.
There may be times when you want to exclude PII data from ThriveCart to your website. For example, to prevent this information from being saved in your server logs, or in Google Analytics, or Meta (Facebook)’s requirements to not have personal information included in the URL Query Parameter.
Information about the order (currency, the amount paid, etc) will still be sent through, but specific details about the customer (name, email, address, custom fields) will be disabled.
We disable custom fields as these may contain PII.
This does not affect your webhooks as they will not be picked up by client-side tracking and transmitted to third parties like Google Analytics.
Exclude PII data from your query strings
To get started you’ll need to head over to your Settings area and then go to Legal & compliance.
Under Legal & compliance, you’ll want to click the Setup button next to the option for Exclude PII.
Once in the Exclude PII area, you’ll be able to enable this option.
Within those customer privacy settings, you can then set which customers this will be applicable for, either all customers globally or only customers within the EU.
You can also set it to only trigger on specific products.
Frequently Asked Questions (FAQs)
- Q: I’m receiving a “Review potentially violating personal data” error in Meta (Facebook), will this resolve it?
- A: Yes, once you enable these settings, customer data will no longer be passed in the query string. The Exclude PII data settings above are retroactive as well, so any existing customers that click access links in their emails will have the data not included when they go to your website.
- Q: I’ve enabled that setting, but the diagnostic error in Meta pops up again, what else can I do?
- A: This could potentially happen if customers bookmarked a success page from an order before this setting was changed. If they’re then visiting your site using this bookmark, the link with those variables has been saved on their device.
Another scenario is if you have a plugin or custom setup on your site that adds something similar to yoursite.com?email=example@gmail.com, then this too could trigger that warning in Facebook and you’ll want to remove that plugin/script to resolve this messaging.
- A: This could potentially happen if customers bookmarked a success page from an order before this setting was changed. If they’re then visiting your site using this bookmark, the link with those variables has been saved on their device.