plugin-icon

WWU Right of Withdrawal for Popular Ecommerce Platforms

De Edoardo G.·
EU statutory withdrawal button (Art. 11a) for WooCommerce, FluentCart & EDD: two-step flow, durable-medium receipt, tamper-evident log.
fluentcart
GDPR
recesso
Valoraciones
Añadir una valoración
Versión
1.3.2
Última actualización
Jun 29, 2026
WWU Right of Withdrawal for Popular Ecommerce Platforms

Product page & docs: webwakeup.it/wwu-withdrawal-button | source code, issues & contributions: GitHub

From 19 June 2026, EU law (Directive (EU) 2023/2673, new Art. 11a of the Consumer Rights Directive; Italy: Art. 54-bis Codice del Consumo) requires online stores to provide a withdrawal function that lets consumers withdraw from a distance contract as easily as they concluded it. WWU Withdrawal Button adds that function — and everything around it you need to run it and to prove you did it right — to WooCommerce, FluentCart and Easy Digital Downloads.

How it works (in plain terms)

  1. An eligible customer opens their order and clicks the statutory «Withdraw from contract here» button — in their account, from a link in the order e-mail, or on a public page (no account needed: they look the order up with its number + e-mail).
  2. A simple two-step form appears: they review what they are withdrawing from (optionally ticking only some items — partial withdrawal is allowed), then confirm. No reason required, no hoops.
  3. The instant they confirm, the customer receives an acknowledgement of receipt on a durable medium — an e-mail, a PDF copy and a permanent verifiable link — showing exactly what was withdrawn and the precise date and time. The order is flagged «withdrawal requested».
  4. Every step is written to a tamper-evident, append-only log (hash-chained and timestamped) so you can prove what happened and when. You then handle the refund as usual — the plugin records that too.

That is the whole customer experience. Everything below exists to make it correct, easy to run, and defensible.

For your customers

  • A prominently displayed, legible button with the exact statutory wording per language (IT, EN, DE, FR, ES, SV — extensible).
  • The button appears where customers actually look: the account area (order list, order detail, a dedicated «Right of withdrawal» tab), a link inside order e-mails, a public self-service page with guest lookup, and anywhere via shortcodes or the Gutenberg block.
  • A short, reassuring step-by-step guide during the flow (timing, refund, returns); the wording and the withdrawal window (≥14 days — you may grant more) are editable.
  • When an order is genuinely exempt, a clear «why is the button not here» note explains the specific legal exception, instead of leaving the customer confused.
  • A human-readable verification certificate for the receipt (integrity, order, date, hash) — not raw code.

For you (the merchant)

  • An onboarding Dashboard with a setup checklist (one-click fixes), a plain «how it works» walkthrough, and a «where the button appears / why it might not» explainer.
  • A one-click e-mail delivery test that detects your SMTP plugin and proves the receipt actually reaches the inbox — the #1 cause of «nothing happened».
  • A Requests dashboard to manage every withdrawal: status (open / processed / refunded), a chain-integrity badge, and one-click mark processed, resend receipt and open the order to refund (the refund is logged as proof you met the 14 days). Subscription and partial-withdrawal requests are flagged.
  • A Compliance page: a go-live countdown, the statutory labels in use, the document checklist with ready-to-paste clauses, and environment warnings (Complianz / cache / multilingual) to fix.
  • Receipts are real WooCommerce e-mails (your logo, colours, header) with a preview. The withdrawal button and form inherit your theme’s typography and colour presets out of the box, so they blend in automatically; for finer control, restyle every part from Appearance Customize Additional CSS (built into WordPress), targeting the plugin’s documented CSS variables and classes.

Smart legal handling (so you don’t have to think about it)

  • Subscriptions — the law gives one 14-day right per contract, so the button shows on the initial order only and is hidden on renewals (WooCommerce Subscriptions, FluentCart, EDD Recurring). Fail-safe, with opt-in overrides.
  • Partial withdrawal — customers can withdraw from only some items of an order.
  • Art. 59 exemptions — tag products or categories by the specific statutory reason (events on a fixed date, digital content with immediate access, a service fully performed…). For the conditional reasons the plugin captures the customer’s express consent at checkout (WooCommerce classic + block, FluentCart, EDD), stores it as evidence, sends the required durable-medium confirmation, and only then hides the button. Physical products always keep the right — never hidden by mistake.
  • Applicability by country — EU/EEA consumers only (default) or always; B2B (VAT) orders can be treated as out of scope.

Evidence, timestamps & integrity

  • The immutable log is append-only and hash-chained (HMAC-keyed with your site secret), so tampering is detectable.
  • Recommended trusted timestamping (off by default — one click to enable): free, independently-verifiable OpenTimestamps (Bitcoin) anchoring, or a qualified eIDAS RFC 3161 timestamp (a free Sectigo endpoint, or your national authority — Aruba, InfoCert, D-Trust, Universign, FNMT, SwissSign), for an independent «data certa» of when each withdrawal was received. The hash chain is the baseline evidence on its own; once you enable a provider, failed stamps retry automatically and any not-yet-anchored records are surfaced in the admin. (It is off by default only because WordPress.org requires external calls to be opt-in — the plugin prompts you to switch it on.)

Privacy & GDPR

  • The log commits to an anonymised IP; the full IP lives separately and is erased after a configurable retention (10 years by default).
  • A Consent records screen lists and exports the exemption consents (CSV). Two ready-to-paste privacy clauses are generated (withdrawal log + exemption-consent), on a legitimate-interest basis. The uninstaller keeps the evidence log by default (legal hold) unless you opt to erase it.

Documents & compliance

  • Generates the Annex I-B model withdrawal form and ready clauses for pre-contractual information, Terms & Conditions and Privacy — and reminds you, clearly, that installing the button is not enough: your Terms and pre-contractual withdrawal article must be updated to describe the new button modality (the plugin gives you the exact text to paste).
  • A single consolidated «Right of withdrawal» notice, assembled live from your settings and the Art. 59 exceptions you selected, published three ways: the [webwakeupwdb_policy] shortcode, an auto-created page (one click to recreate it if you delete it) or a downloadable PDF — all managed from Compliance «Informativa sul diritto di recesso» (preview / create / open / freeze to static HTML / download). Optionally, two opt-in toggles append the same clauses to your Complianz Privacy Policy and Terms & Conditions (EU-only, off by default, with a live preview). It complements — it does not replace — your own legal texts.

Integrations & automation

  • A read-only REST API (authenticated with a standard Application Password) to list requests and check an order’s withdrawal status, plus an optional signed webhook (HMAC-SHA256) fired the moment a withdrawal is confirmed — for Zapier, Make, n8n, a CRM or a helpdesk. Privacy-first: the consumer’s IP is never exposed. 33 documented hooks/filters for developers.
  • Plays nicely with Complianz, TranslatePress and page-cache plugins (WP Rocket / LiteSpeed / W3TC).

Platforms & licence

  • WooCommerce (HPOS + legacy), FluentCart and Easy Digital Downloads (3.0+) through a common adapter — one plugin for all three. On FluentCart it can step aside automatically if FluentCart ships its own native withdrawal add-on, so customers never see two buttons.
  • Free and open source (GPLv3) — no upsell, no tracking, no remote scripts or fonts loaded on your site. Passed a full multi-dimension security audit (0 critical / 0 high).

This plugin is a technical aid to compliance and is not legal advice. Have your own counsel review your store’s documents.

External services

This plugin makes no external calls by default. Every outbound connection listed below is opt-in and stays off until you explicitly enable it in the settings. The tamper-evident log works fully offline — it is append-only and hash-chained with your site secret — so timestamping only adds an extra, independently-verifiable anchor; it is never required for the plugin to function.

OpenTimestamps (opt-in, off by default) — only if you set the timestamp provider to «OpenTimestamps» (Settings Receipt & evidence) does the plugin connect to the OpenTimestamps public calendar servers to obtain a free, trusted timestamp (a «data certa») for the log.

  • What is sent: only a SHA-256 hash (a one-way digest) of the immutable-log record, plus a random privacy nonce. No personal data, order content, names, emails or IP addresses are ever sent — only an opaque hash that cannot be reversed.
  • When: only while the provider is enabled — once when a withdrawal is confirmed (to submit the hash) and periodically via WP-Cron (to retrieve the Bitcoin-anchored proof). Nothing is ever sent while the provider is «None» (the default).
  • Where: the OpenTimestamps public calendars (a.pool.opentimestamps.org, b.pool.opentimestamps.org, a.pool.eternitywall.com, ots.btc.catallaxy.com).
  • Service info / privacy: https://opentimestamps.org/

RFC 3161 / eIDAS timestamp authority (opt-in, off by default) — if you instead set the provider to an RFC 3161 authority, the same one-way SHA-256 hash (no personal data) is sent to the authority URL you configure. This is a provider you choose and contract with directly (examples: a free Sectigo endpoint, or a national authority such as Aruba, InfoCert, D-Trust, Universign, FNMT, SwissSign); please review that provider’s own terms of service and privacy policy. No such call is made until you enable it.

Outbound webhook (opt-in, off by default — Settings Integrations) — if enabled, the plugin sends a signed POST to the endpoint URL you specify whenever a withdrawal is confirmed. The payload carries a verification hash and contract reference, never the consumer’s IP address.

No other external services are used. The plugin does not load remote scripts, fonts or trackers on your site.

Privacy

The plugin records withdrawal declarations (name, identified contract, email, IP address, date and time) in an append-only, tamper-evident log on your own server, because Art. 54-bis requires this as legal evidence (GDPR Art. 6(1)(c)/(f)). It generates a ready-to-paste privacy clause for your policy. Data is retained for a configurable period (10 years by default), and the uninstaller keeps the evidence log by default (legal hold) unless you opt to erase it.

For the conditional Art. 59 exemptions, the plugin also stores the consumer’s checkout consent + acknowledgement (the agreed wording, a hash, the date/time and — unless you turn it off — the IP) as evidence to prove the exemption is valid. The lawful basis is legitimate interest (GDPR Art. 6(1)(f); defence of legal claims), not GDPR consent. The IP lives only on the order (never in the immutable log) and is automatically anonymised once the retention period lapses. A second ready-to-paste privacy clause is generated for this processing.

Gratisen planes de pago
Comenzar
Al instalarlo, aceptas las condiciones del servicio de WordPress.com y las condiciones de los plugins de terceros.
Probado hasta
WordPress 7.0
Te puedes descargar este plugin para utilizarlo en tu sitio de .
Descargar