# Privacy & GDPR: Handling sensitive product data in order lines For merchants whose product catalog may reveal special category data under GDPR Article 9. When you create an order in Kustom, the `order_lines` array includes product names, references, and descriptions from your catalog. For most merchants this is straightforward — but if you sell products in sensitive categories, those product names can reveal personal information about your customers. This article explains what qualifies as sensitive under GDPR Article 9, why it matters, and how to anonymize order lines correctly so your integration stays compliant without losing operational clarity. ## Why this matters GDPR Article 9 defines "special categories of personal data" — types of data that carry a higher risk of harm if exposed, and that require a stricter legal basis to process. Product names sent in an order payload can fall into these categories. A product name like "Sertraline 50mg" (a common antidepressant) or an item from a religious bookshop reveals information about your customer that goes well beyond a typical purchase. As a merchant, you are the data controller and responsible for what you send. ## Which product categories are affected GDPR Article 9 defines eight special categories of personal data. Any product whose name, description, or category directly reveals or strongly implies one of these attributes about your customer should be anonymized in the order line sent to Kustom. | GDPR Article 9 category | E-commerce examples that may reveal it | Applies to merchants selling… | | --- | --- | --- | | Health data | Prescription medications (e.g. "Sertraline 50mg"), diagnostic tests, mobility aids, incontinence products, hearing aids | Pharmacies, medical supply, health & wellness | | Sex life or sexual orientation | Intimacy products, sexual health items, LGBTQ+ themed merchandise | Sexual wellness, adult retail | | Religious or philosophical beliefs | Religious texts, prayer items, dietary supplements with explicit religious labeling (e.g. halal, kosher supplements), faith-based courses | Religious bookshops, specialty food, online courses | | Racial or ethnic origin | Products tied to specific ethnic identity or heritage — where the product name alone reveals origin | Cultural goods, heritage food, specialist cosmetics | | Political opinions | Memberships, branded merchandise, or publications explicitly tied to a named political party or movement | Political organizations, media, advocacy groups | | Trade union membership | Union membership packages, union-branded merchandise | Labor unions, professional associations | | Genetic data | DNA testing kits, genetic screening services | Health tech, direct-to-consumer diagnostics | | Biometric data | Fingerprint or facial recognition device enrollment services | Security tech, access control | Tip If you are unsure whether a specific product qualifies, err on the side of anonymizing it. The cost of over-anonymizing is minimal; the risk of under-anonymizing is a GDPR compliance issue. ## What to do: anonymize at the order line level Instead of sending your real product name in the `name` field, replace it with a generic description that makes clear the data has been intentionally anonymized. Use your internal SKU or product reference in the `reference` field — this preserves your ability to reconcile orders internally without exposing the product name to Kustom's systems. ### Before — do not send this Avoid — exposes health data ```json { "order_lines": [ { "name": "Sertraline 50mg Tablets - 28 pack", "reference": "SKU-SER-50MG-28", "quantity": 1, "unit_price": 18900, "total_amount": 18900, "tax_rate": 0, "total_tax_amount": 0 } ] } ``` ### After — send this instead Recommended — anonymized order line ```json { "order_lines": [ { "name": "Health product (anonymized)", "reference": "SKU-SER-50MG-28", "quantity": 1, "unit_price": 18900, "total_amount": 18900, "tax_rate": 0, "total_tax_amount": 0 } ] } ``` Your internal SKU is retained in the `reference` field for reconciliation. ## Recommended name formats by category Use a consistent, clearly identifiable generic label. The label should be human-readable enough for support and reconciliation, but not reveal any product specifics. | Product category | Recommended `name` value | | --- | --- | | Pharmacy / prescription / OTC medication | `Health product (anonymized)` | | Mental health | `Health product (anonymized)` | | Sexual wellness | `Wellness product (anonymized)` | | Disability or care aids | `Care product (anonymized)` | | Addiction support | `Health product (anonymized)` | | Religious goods or faith-based products | `Product (anonymized)` | | Ethnicity or cultural identity goods | `Product (anonymized)` | | Political membership or publications | `Product (anonymized)` | | Genetic testing / diagnostics | `Health product (anonymized)` | | Trade union membership or branded goods | `Product (anonymized)` | The word **(anonymized)** in the name label is intentional. It signals to Kustom's systems, your internal operations, and any compliance audit that the anonymization was deliberate — not a data error. Do not use vague labels like "product" or "item" alone, as these could be confused with integration mistakes. ## What happens on the customer-facing confirmation page The `name` field is displayed to your customer on the Kustom Checkout confirmation page and in post-purchase communications from payment methods like Klarna. Customers who purchase sensitive products will see the anonymized label instead of the product name. We strongly recommend informing customers of this during checkout — for example with a short note in your order confirmation email: > "For your privacy, sensitive product names are not displayed in payment confirmations." ## Mixed carts: sensitive and non-sensitive products together If a customer's cart contains both regular products and sensitive products, only anonymize the sensitive lines. Non-sensitive items can keep their real product names. ```json Mixed cart example { "order_lines": [ { "name": "Water Bottle 500ml", "reference": "SKU-WB-500ML", "quantity": 1, "unit_price": 19900, "total_amount": 19900, "tax_rate": 2500, "total_tax_amount": 3980 }, { "name": "Health product (anonymized)", "reference": "SKU-SER-50MG-28", "quantity": 1, "unit_price": 18900, "total_amount": 18900, "tax_rate": 0, "total_tax_amount": 0 } ] } ``` ## How to implement this in your integration ### Identify sensitive categories Identify which product categories in your catalog contain sensitive data. Coordinate with your DPO or legal team if unsure. ### Tag sensitive products Tag sensitive products in your product database — for example with a boolean flag like `is_sensitive: true`. ### Anonymize in your order payload In the code that builds your Kustom order payload, check each line item. If `is_sensitive` is true, replace `name` with the appropriate generic label before sending to the API. ### Retain real names internally Always retain the real product name in your own backend systems — you need it for fulfillment, returns, and disputes. Only the name sent to Kustom needs to be anonymized. ### Test in Playground Test in the Kustom Playground environment to verify the anonymized labels appear correctly on the confirmation page and in Developer Logs. ## Disputes involving anonymized order lines If a dispute arises for an order with anonymized line items, you may need to provide evidence. When submitting dispute evidence through Kustom Portal, you can reference your internal order records — including the real product name — in the evidence you submit directly, separate from what was sent in the API payload. Your SKU in the `reference` field allows you to look up the real product at any time from your own systems.