EU Withdrawal Compliance

The EU Directive 2023/2673 obliges every online retailer in the European Union to offer a digital withdrawal function from June 19, 2026. The directive requires that exercising the right of withdrawal must be at least as easy as concluding the contract was: a single click should be enough.

This plugin gives you the most complete implementation in the WordPress.org directory — fully free, no paid tier, no upsells, no premium add-ons — with three features that no other plugin in the directory offers:

• Verifiable SHA-256 receipt hash: every withdrawal request issues a tamper-evident hash to the customer as durable-medium proof, recoverable from the stored fields if a dispute later arises.
• Article 16 exclusions with category inheritance: mark products or whole WooCommerce categories as excluded from the right of withdrawal — subcategories inherit automatically — included at no extra cost (some competing plugins gate this feature behind their own paid Pro tier).
• Native GDPR integration: contributes a suggested Privacy Policy snippet and registers a personal-data exporter and eraser so admins can answer access and erasure requests directly from Tools → Export / Erase Personal Data, no second plugin required.

Plus a clean, ready-to-deploy WooCommerce-first implementation:

• A public withdrawal page automatically created on activation, pre-filled with a neutral, multilingual sample template (with a clear “review with a legal advisor” disclaimer) and the form embedded via shortcode.
• A [ayudawp_withdrawal_form] shortcode you can use anywhere in your site.
• A “Right of withdrawal” endpoint inside the WooCommerce My Account area, with a per-order “Withdraw” button shown only while the configured withdrawal window is open.
• Automatic injection of an “Exercise withdrawal right here” notice with link to the form inside WooCommerce transactional emails (processing, completed and customer invoice), to comply with the trader’s obligation to inform consumers about the existence and placement of the withdrawal function. The list of eligible order statuses is configurable from the settings page (defaults to Processing and Completed).
• Automatic verification of the order/email pair when WooCommerce is active, including the 14-day deadline check.
• Configurable deadline calculation: choose whether the 14-day window starts from the order date or from the WooCommerce completion date, and add extra grace days from the settings page.
• Article 16 exclusions: mark individual products or whole categories as excluded from the right of withdrawal (custom-made, perishable, sealed digital, etc.). Requests on orders containing excluded items are flagged for the admin to review manually — never auto-rejected, since a partial withdrawal over the rest of the order can still be valid.
• Verifiable receipt hash: every submission generates a SHA-256 hash sent to the customer in the confirmation email so they keep a tamper-evident proof on a durable medium.
• Private order notes added to the WooCommerce order at every step of the lifecycle: when the request is received and again when it is accepted, rejected or marked as completed (including the admin’s comment if any).
• Confirmation email to the customer on submission and a follow-up email when the request is accepted, rejected or completed. Optional admin comment is forwarded to the customer (required for rejections, optional for completed). Notification email to the shop admin (with reply-to set to the customer for fast handling, sanitized against header injection).
• Full request log as a private custom post type, with status tracking (pending, accepted, rejected, completed), customer details, IP address, user agent and submission timestamp for legal traceability.
• Bulk actions in the withdrawals listing to mark several requests as accepted, rejected or completed at once.
• “Withdrawal” column in the WooCommerce orders screen (legacy and HPOS) showing the status of any linked request, toggleable from “Screen Options”.
• Native integration in the WooCommerce admin menu: settings live at WooCommerce → EU Withdrawal, request log at WooCommerce → Withdrawals.
• Honeypot anti-spam protection.
• Conditional asset loading: CSS only loads on the withdrawal page and inside the plugin admin screens.
• Native integration with the WordPress GDPR tools: suggested Privacy Policy snippet, personal data exporter and eraser available from Tools → Export Personal Data and Tools → Erase Personal Data, all keyed on the customer email.
• Translation-ready, fully escaped, follows WordPress Coding Standards, HPOS-compatible.

Why this plugin?

The EU directive will be enforced in every member state from June 19, 2026, so several plugins offer a basic withdrawal button. This one stands out because:

• It is fully free with no paid tier, no premium add-on and no feature locked behind an upsell. Everything described in this page is what you get on install.
• It is the only plugin in the directory that issues a SHA-256 receipt hash as durable-medium proof of every withdrawal request, recoverable from the stored fields if a dispute later arises.
• It is the only plugin in the directory that ships Article 16 product/category exclusions with full subcategory inheritance — a feature that competing plugins gate behind their own paid Pro tier.
• It is the only plugin in the directory that integrates natively with the WordPress GDPR tools (suggested privacy snippet + personal-data exporter and eraser) — no second GDPR plugin to install.
• It works with Sequential Order Numbers (free and Pro), Custom Order Numbers for WooCommerce (WPFactory) and YITH numbering schemes out of the box.
• It offers a configurable deadline calculation (order date vs. WooCommerce completion date) and configurable grace days from the settings UI, without writing code.
• It exposes 6 documented filters and 2 actions so developers and agencies can extend it without forking.
• It is maintained by a Spanish WordPress trainer with 15+ years on the platform: bundled es_ES translation, prompt replies on the WordPress.org support forum and an active roadmap of free improvements.

Roadmap

Planned for upcoming free versions:

• Rate limiting on the public form to prevent abuse.
• Custom WooCommerce order status “Withdrawal requested” with automatic transition on acceptance.
• Urgency indicators in the request list (days remaining, expired).
• Signed token in the email link so guest customers can check status without logging in.
• Optional IBAN field to speed up manual refunds.
• Dashboard widget with counters and pending requests.
• CSV export of withdrawal requests for audit and accounting.
• PDF download of the request with the receipt hash printed on it.
• HTML email templates that inherit the WooCommerce email theme.
• Optional modal display mode for the shortcode.
• Visible audit log on each request.

Privacy

This plugin stores the following personal data for each withdrawal request, exclusively to fulfil the legal traceability of consumer rights and to allow the shop to handle the request:

• Customer name and email address (required to contact the consumer about the request).
• Order reference and order date (required to validate the request against the purchase).
• IP address and User-Agent string (required to evidence when and how the request was submitted, in line with the directive’s “durable medium” requirement).
• Submission timestamp (UTC) and SHA-256 receipt hash (required to recompute and verify the integrity of the original submission if disputed).

Data is stored as a private custom post type entry (ayudawp_withdrawal) accessible only to administrators. The plugin does not transmit any data to third-party services; all communication happens between the shop and the customer via standard WordPress emails.

You should add a section to your site’s privacy policy describing this storage. The plugin contributes a suggested Privacy Policy snippet that you can paste from Settings → Privacy → Policy Guide. Withdrawal data is also exposed to the native WordPress Tools → Export Personal Data and Tools → Erase Personal Data screens (filtered by customer email).

Support

Need help or have suggestions?

• Official website
• WordPress support forum
• YouTube channel
• Documentation and tutorials

Love the plugin? Please leave us a 5-star review and help spread the word!

About AyudaWP.com

We are specialists in WordPress security, SEO, AI and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.