Articles in this section

Responding to GDPR Requests

Iterable provides API endpoints that can help you respond to General Data Protection Regulation (GDPR) right of access and right to be forgotten requests.

Table of contents

Iterable's API

First, learn about Iterable's API:

Right of access requests

To export a user's data from a particular Iterable project, use an API key for the project to call GET /api/export/userEvents and GET /api/users/{email}.

Call these endpoints for each project from which you'd like to export the user's data.

NOTE

For more information about exporting data, read Backing Up Important Data.

Right to be forgotten requests

To respond to right to be forgotten requests, Iterable allows you to:

Deleting users

IMPORTANT

Deleting a user removes all their information from an Iterable project: user profile, subscription preferences, list memberships, campaign events and custom events.

To delete information about a user from an Iterable project, use an API key for that project to call one of the following APIs:

Deleting a user does not prevent Iterable from collecting more data about the user, if it's ever received.

Before deleting users, consider your project type. In email-based projects and hybrid projects, you can delete users by email or userId. In userID-based projects, you can delete users only by userId.

For more information about deleting users, read Deleting Users.

Forgetting users

IMPORTANT

  • It can take up to ten minutes for Iterable to forget a user.
  • Use this endpoint only for handling right to be forgotten requests.

The POST /api/users/forget API endpoint does two things:

  • Deletes the user's data from the Iterable project.
  • Prevents Iterable from collecting more information about or sending messages to that user.

For a given user, call this endpoint for each project necessary.

Before forgetting or unforgetting users, consider your project type:

  • In email-based projects, you must forget and unforget users by email, not userId.
  • In userID-based projects, you must forget and unforget users by userId, not email.
  • In hybrid projects, you can forget and unforget users by email or userId (and you can use one identifier to forget, and the other to unforget).

Unforgetting users

The POST /api/users/unforget API endpoint restores a given Iterable project's ability to store information about and send messages to a user who had previously been forgotten. However, it does not recover any data stored about the user before they were forgotten.

For a given user, call this endpoint for each project necessary.

Before forgetting or unforgetting users, consider your project type:

  • In email-based projects, you must forget and unforget users by email, not userId.
  • In userID-based projects, you must forget and unforget users by userId, not email.
  • In hybrid projects, you can forget and unforget users by email or userId (and you can use one identifier to forget, and the other to unforget).

Listing hashed unique identifiers of forgotten users

To get a list of hashed unique identifiers associated with users forgotten by an Iterable project, use an API key for the project to call GET /api/users/forgotten.

To check if the list of forgotten IDs contains a particular email address or user ID:

  • Lowercase the email address or user ID.
  • Strip out all whitespace.
  • Calculate the SHA-256 hash.
  • Check the list for the hashed value.

Iterable is unable to provide you with a list of forgotten users.

Further reading

Related articles

Comments

0 comments

Article is closed for comments.