A key requirement is to keep the personally identifiable information (PII) of your customers as secure as possible.  To this end, we will by default destroy PII a number of days after the order has been finalised (shipped, refunded, cancelled, picked up or manually fulfilled) so that in the unlikely event of a security compromise none of your customer data is exposed.


By default, the system is set to destroy PII 7 days after the order has reached its end-state, though this can be configured by you if you want to change the number of days (or disable this feature entirely).  
Go to Settings > Administration and set the number of days to wait before obfuscating the customer data in the Order Management section.  
Note that setting number of days to zero will disable this feature, though it is strongly recommended that you do allow PII to be destroyed in this way once the order has reached its end-state.


Once the specified number of days has passed, the following fields will be replaced by a random string:

  • customer name
  • address
  • email
  • phone number


Note that customer information obfuscated in this way cannot be restored, and follows best practice for protecting personally identifiable information (PII).  You will need to access historical order data either from your own order management system or from the marketplace.