WooCommerce compliance
WooCommerce is self-hosted, so almost nothing is handled for you — you own the stack, the data, and therefore the compliance. That's more control and more responsibility than a hosted marketplace. Here's each rule that applies — what it asks of you, and a free 60-second checker for each. No signup, nothing stored.
Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling.
Sell to US consumers? California + new state laws require a privacy notice, opt-out, and a 'Do Not Sell' link.
Run subscriptions? Check your signup & cancel flow against federal ROSCA + 30+ state auto-renewal laws.
Make AI images, video, or text? From Aug 2026 the EU AI Act requires it to be labelled.
Sell online to EU customers? Since June 2025 your site must be accessible (WCAG 2.1 AA).
US website? Check the basics that drive ADA accessibility lawsuits — and avoid overlay-only fixes.
Accept card payments? Check that card data never touches your server and your checkout is locked down.
Send marketing emails? Check for a clear unsubscribe, your postal address, and honest headers.
Text your customers? Check for written consent, STOP opt-out, and sender ID before you send.
Use reviews, testimonials, influencers or affiliates? Penalties run to ~$53k per violation.
Sell online to EU consumers? You owe a 14-day right of withdrawal, pre-contract info, the model withdrawal form, and order confirmation on a durable medium.