The API endpoint /publisher/gdpr/delete removes all the personal information about the user with the provided UID available in the application specified in the AID parameter. Based on the selected value for parameter scope this either includes only PII (personally identifiable information) data or ALL user data. That will include all PII data (such as UID, email, first/last name, or any tokens) plus any information related to the user's subscriptions, transactions, conversions, or payments. This endpoint was specifically built to satisfy the GDPR requests of end-users and make sure that all relevant data is being removed from Piano's end.
Please use caution when using this endpoint as user data is being removed.
Data is obfuscated and once the API is run, you won't be able to reactivate the user account anymore. The user account and data are removed within 24 hours following the initiation of the /publisher/gdpr/delete request.
Sample request for removing any PII user data:
https://api.piano.io/api/v3/publisher/gdpr/delete?aid=<AID>&api_token=<API_token>&uid=<UID>&scope=PII
Sample request for removing all user data:
https://api.piano.io/api/v3/publisher/gdpr/delete?aid=<AID>&api_token=<API_token>&uid=<UID>&scope=ALL
A successful response for a GDPR deletion request looks like this:
{
"code": 0,
"ts": 1630068148
}
In case there are any issues, the response may contain an error message, such as listed below:
|
Code |
Message |
Comment |
|
400 |
uid cannot be empty |
|
|
400 |
aid cannot be empty |
|
|
400 |
scope cannot be empty |
|
|
400 |
parameter value was not parseable |
e.g. wrong format of parameter values |
|
2 |
Access denied |
e.g. invalid AID or wrong API token |
|
401 |
Unable to find user for given API token |
|
|
2004 |
User not found |
|
|
500 |
Internal server error |
|
|
10127 |
Failed to disable user in user provider |
|
FAQ
Q: If the user has active subscriptions, will they be canceled once the user has been deleted?
A: Yes, any subscriptions will be canceled.
Q: What happens to their other data, for example, the user's custom fields?
A: The custom field data remains in our database, but it's not shown anywhere since the user is deleted. On the other hand, the user data and email will be removed from any associated Site License contracts.
Q: Is there any way to see all deleted users in case we want to recover them?
A: It is not possible to get such a list as it is also not possible to recover GDPR deleted user. If users would like to regain access, they would simply need to register again.
Q: What happens if the user is present in multiple applications with Global Mode enabled?
A: If you delete a user only in one application that has Global Mode enabled, and the user is also present in other applications of the same Global Mode merchant - we remove the user record only from this one application. The user will still be able to log in to the other apps and re-access their account in the initial application by logging in with their email (+ password).
If you want to delete the user completely, you will need to delete the user in all apps linked via Global Mode where a user record is created.
Q: Is it possible to delete user data based on their browserID?
A: Yes. For more information visit this article.
Q: When I delete the user’s data, can I also remove their impact on report statistics?
A: No. Using publisher/gdpr/delete (PII or ALL) deletes the user’s personal data but does not undo the effect of their past activity on statistics already recorded in reports. Historical report data cannot be changed.