Iterable provides API endpoints that can help you respond to General Data Protection Regulation (GDPR) right of access and right to be forgotten requests.
Table of contents
Iterable's API
First, learn about Iterable's API:
Right of access requests
To export a user's data from a particular Iterable project, use an API key for
the project to call GET /api/export/userEvents
and GET /api/users/{email}
.
Call these endpoints for each project from which you'd like to export the user's data.
NOTE
For more information about exporting data, read Backing Up Important Data.
Right to be forgotten requests
To respond to right to be forgotten requests, Iterable allows you to:
- Delete users
- Forget users (which also deletes them)
Deleting users
IMPORTANT
Deleting a user removes all their information from an Iterable project: user profile, subscription preferences, list memberships, campaign events and custom events.
To delete information about a user from an Iterable project, use an API key for that project to call one of the following APIs:
Deleting a user does not prevent Iterable from collecting more data about the user, if it's ever received.
Before deleting users, consider your project type.
In email-based projects and hybrid projects, you can delete users by email
or userId
. In userID-based projects, you can delete users only by userId
.
For more information about deleting users, read Deleting Users.
Forgetting users
IMPORTANT
- It can take up to ten minutes for Iterable to forget a user.
- Use this endpoint only for handling right to be forgotten requests.
The POST /api/users/forget
API endpoint does two things:
- Deletes the user's data from the Iterable project.
- Prevents Iterable from collecting more information about or sending messages to that user.
For a given user, call this endpoint for each project necessary.
Before forgetting or unforgetting users, consider your project type:
- In email-based projects, you must forget and unforget users by
email
, notuserId
. - In userID-based projects, you must forget and unforget users by
userId
, notemail
. - In hybrid projects, you can forget and unforget users by
email
oruserId
(and you can use one identifier to forget, and the other to unforget).
Unforgetting users
The POST /api/users/unforget
API endpoint restores a given Iterable project's ability to store information
about and send messages to a user who had previously been forgotten.
However, it does not recover any data stored about the user before they were forgotten.
For a given user, call this endpoint for each project necessary.
Before forgetting or unforgetting users, consider your project type:
- In email-based projects, you must forget and unforget users by
email
, notuserId
. - In userID-based projects, you must forget and unforget users by
userId
, notemail
. - In hybrid projects, you can forget and unforget users by
email
oruserId
(and you can use one identifier to forget, and the other to unforget).
Listing hashed unique identifiers of forgotten users
To get a list of hashed unique identifiers associated with users forgotten by an
Iterable project, use an API key for the project to call GET /api/users/forgotten
.
To check if the list of forgotten IDs contains a particular email address or user ID:
- Lowercase the email address or user ID.
- Strip out all whitespace.
- Calculate the SHA-256 hash.
- Check the list for the hashed value.
Iterable is unable to provide you with a list of forgotten users.
Comments
0 comments
Article is closed for comments.