• I’ve been using LifterLMS for a while, and honestly, I think it’s a fantastic system:

    • clear course structure
    • well-designed membership features
    • solid integrations with payment providers

    However, there’s one major issue that makes it difficult (or impossible) to use LifterLMS in a GDPR-compliant way within the EU.

    When someone signs up for a free course or free plan, no email verification is required.
    This means:

    • Anyone can register with a fake or disposable email address – ban in any email marketing is guaranteed.
    • Even worse, it’s possible to enter someone else’s email address, and that person will automatically get access to the course – without giving consent.

    That’s a clear violation of GDPR principles, since personal data (like an email address) must not be processed without explicit permission.

    As a result, LifterLMS in its current state is not GDPR-compliant when offering free courses, lead magnets, or free trials. In practice, this means it can only be safely used for paid courses, which is a real pity – especially because free entry-level content is such an important part of modern online learning.

    I’d really like to see the LifterLMS team address this by:

    • adding mandatory email verification (even for free courses), and
    • including a clear note about this issue in the documentation.

    That would be a big step toward true GDPR compliance.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author chrisbadgett

    (@chrisbadgett)

    Thank you for the feedback here, and request for an email verification step, especially for free access plans. We will consider this feature request for future development.

    In the meantime, please explore the new security features in LifterLMS 9.0+ that can help prevent spam or invalid signups.

    Thank you for using LifterLMS and your detailed input.

    Thread Starter hakuna4matata

    (@hakuna4matata)

    Thank you for your response!

    We want to emphasize that we really love LifterLMS – after testing many LMS solutions, it was the only one that met (and even exceeded) our expectations in terms of technology, structure, and design. The recent updates show that the project is actively maintained, and we truly appreciate that.

    Our only challenge is the legal framework within the EU:
    For free courses or memberships, we are legally required to use Double Opt-In (DOI) during enrollment to ensure GDPR-compliant data processing. Without DOI, we have to rely on additional plugins for forms, memberships, and automation – just to handle this single compliance issue. Ideally, LifterLMS would offer an optional DOI feature for enrollments, similar to how newsletter tools manage it.

    Right now, we’re debating whether to continue with LifterLMS and this extra (and technically unnecessary) plugin stack or switch to another system that already includes DOI support to keep the installation lean and low-maintenance.

    It’s not an easy decision. We’d really prefer to stay with LifterLMS.
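The double opt-in enrollment requested in this thread, as an added example (not LifterLMS code and not from either poster): a free-plan signup stays pending, and access is granted only when the single-use, expiring token mailed to the address is presented. The `Enrollments` class, its method names, `SECRET` and `TOKEN_TTL` are hypothetical, and the storage is in-memory for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-site key, kept out of the database
TOKEN_TTL = 24 * 3600             # assumption: confirmation link valid for 24 hours


class Enrollments:
    """Free-plan enrollments stay pending until the address owner confirms."""

    def __init__(self):
        self.pending = {}  # HMAC(token) -> (email, course, expires_at)
        self.active = {}   # (email, course) -> confirmed_at, kept as consent evidence

    @staticmethod
    def _digest(token):
        # Store only a keyed hash so a leaked table holds no usable links.
        return hmac.new(SECRET, token.encode(), hashlib.sha256).hexdigest()

    def request(self, email, course, now=None):
        """Record a pending enrollment; the token goes out only by email."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.pending[self._digest(token)] = (email.lower(), course, now + TOKEN_TTL)
        return token

    def confirm(self, token, now=None):
        """Activate access if the token is known, unused and unexpired."""
        now = time.time() if now is None else now
        record = self.pending.pop(self._digest(token), None)  # single use
        if record is None:
            return False
        email, course, expires_at = record
        if now > expires_at:
            return False
        self.active[(email, course)] = now
        return True

    def has_access(self, email, course):
        return (email.lower(), course) in self.active


if __name__ == "__main__":
    site = Enrollments()
    link_token = site.request("someone@example.org", "free-course")  # constructed input
    print(site.has_access("someone@example.org", "free-course"))  # still pending here
    print(site.confirm(link_token), site.has_access("someone@example.org", "free-course"))
```

The confirmation timestamp stored in `active` is what a site operator would point to as the record of consent for that address.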
