Anonymize a Single Customer (GDPR Removal)
Look up a customer by email and erase their personal data in one confirmed action. Every order is scrambled - while order numbers, line items, and totals stay intact for accounting and reporting - the customer's checkouts (guest and registered) are deleted to clear address and email data on abandoned carts, and finally the account itself is deleted. This is the classic "right to be forgotten" flow. Checkout deletion requires Saleor 3.23+; on older stores the step is skipped and noted in the UI.
Delete Gift Cards
Gift card personal data is read-only in Saleor, so the only way to remove it is to delete the card - which also permanently destroys its remaining balance. The app offers two explicit, confirmation-gated actions that show the per-currency balance at risk before deleting: delete a customer's gift cards by email (matching both cards they created and cards they redeemed) for erasure requests, or delete every gift card in the store when sanitizing a dev or staging copy.
Bulk Anonymization for Production Snapshots
Sanitize a whole store at once. Scan every order and customer, then anonymize all orders, delete all non-staff customers, and delete every checkout - ideal for cleaning a production database copy before developers use it in staging or development. Runs are idempotent: anonymized orders are flagged in metadata and skipped on re-runs, so failed records are safely retried. Checkout deletion requires Saleor 3.23+, and checkouts that still have payment transactions cannot be deleted and are reported as failures.
No Backend, Nothing Stored
The app runs entirely in the browser inside the Dashboard iframe. It has no backend, no database, and stores no data or tokens - every change goes through the standard Saleor GraphQL API using the token the Dashboard provides. Anonymization is irreversible and requires explicit confirmation; non-identifying address fields (city, postal code, country) are intentionally preserved so analytics by region keep working.
