Clear PII data / GDPR compliance

There are three ways to erase a user's personal data from Smartico: the Back Office UI, the REST API, or a CSV import for bulk requests. All methods trigger the same process — data is permanently removed within 24 hours.

⚠️ Important: Smartico deletes data only from its own database. If your platform continues sending profile updates for that user after the request, the data will be restored on the next sync. You must stop sending events for that user from your side before or immediately after submitting the request.

Option 1 — Back Office UI (single user)

Open the user's profile in the Back Office.
Click the Delete PII button (visible to CRM Admin role only).
Confirm the action. You will see: "All personal information will be permanently deleted within 24 hours."

Option 2 — REST API (single user or automated workflow)

Use this method when you want to integrate GDPR erasure into your own automated workflow.

Endpoint

POST https://apisX.smartico.ai/api/external/events/v2

Authentication via your private API key (available in Back Office → Tools → REST API).

Request payload

{
  "eid": "unique-request-id-per-call",
  "event_date": 1717508861954,
  "ext_brand_id": "your_brand_id",
  "user_ext_id": "the_user_id_in_your_system",
  "event_type": "update_profile",
  "payload": {
    "core_is_gdpr_cleanup_requested": true
  }
}

Field

Description

eid

A unique ID you generate for each request (UUID or similar — used for deduplication)

event_date

Current Unix timestamp in milliseconds

ext_brand_id

Your brand identifier (shown in BO → Tools → REST API)

user_ext_id

The user's ID as known in your platform

Option 3 — Bulk erasure via CSV import

This is the recommended approach for processing many users at once. No coding required.

1. Prepare the CSV file

Create a plain text, comma-separated file with the following columns:

user_ext_id,core_is_gdpr_cleanup_requested
user_001,true
user_002,true
user_003,true

Rules to follow:

No quotation marks around any values
user_ext_id must match exactly the user IDs your platform sends to Smartico
The boolean value must be true or 1
If your brand has multiple sub-brands with non-unique user IDs, add a core_sm_brand_id column with the brand identifier for each row

2. Upload the CSV in the Back Office

Go to CRM → Segments
Click Import Segment
Upload your CSV file
Smartico will validate the first 20 rows immediately — any formatting errors will be shown at this stage
The segment status will change to Importing while all rows are processed
Once complete, check the Imported Users tab to confirm how many users were successfully processed. Any rows that could not be matched to an existing user will also be listed there.

The GDPR cleanup flag is set for each successfully imported user. All matched accounts will be erased within 24 hours.

What happens after the request

Timeline

Action

Immediately

The erasure request is logged and the user is flagged

Within 24 hours

All personal data fields are permanently erased

Within 24 hours

Account is deactivated; all communication channels (email, SMS, push) are opted out; user is excluded from gamification

✅ Complete

The user's profile retains only an anonymous internal ID — no personal data remains

The process is irreversible. There is no way to restore the data once deletion is complete, and Smartico will not be able to confirm the identity of an erased user after the fact. Please keep your own records of which users you have requested to be erased.

What information is going to be cleared

Group 1 — Personally Identifiable Information (PII)

Property

Semantic meaning

Action

user_email

User's email address

cleared

user_first_name

First name

cleared

user_last_name

Last name

cleared

core_mail_domain

Derived email domain (e.g. gmail.com)

cleared

user_phone

Phone number

cleared

user_country

Country of registration

cleared

user_birthdate

Date of birth

cleared

core_user_gender

Gender

cleared

user_phone_country

Phone country code

cleared

Group 2 — Behavioral / Session Fingerprint

Property

Semantic meaning

Action

core_user_first_seen_country

Country on first login

cleared

core_user_last_login_country

Country on last login

cleared

core_user_last_login_city

City on last login

cleared

core_user_last_session_browser

Last browser used

cleared

core_user_last_session_os_name

Last OS used

cleared

core_user_last_device_type

Last device type (mobile/desktop)

cleared

core_is_push_disabled

User-side push opt-out flag

cleared

Group 3 — Account Status — set to explicit values

Property

Value set

Semantic effect

core_account_status

'DEACTIVATED'

Account blocked from activity

core_is_email_disabled

true

Disable email channel (user preference)

core_is_sms_disabled

true

Disable SMS channel (user preference)

core_is_email_disabled_by_platform

true

Disable email channel (platform override)

core_is_sms_disabled_by_platform

true

Disable SMS channel (platform override)

core_is_push_disabled_by_platform

true

Disable push channel (platform override)

core_is_ivr_disabled

true

Disable IVR/voice channel

Last updated 2 days ago

Was this helpful?

hashtagHow to clean GDPR

hashtagOption 1 — Back Office UI (single user)

hashtagOption 2 — REST API (single user or automated workflow)

hashtagEndpoint

hashtagRequest payload

hashtagOption 3 — Bulk erasure via CSV import

hashtag1. Prepare the CSV file

hashtag2. Upload the CSV in the Back Office

hashtagWhat happens after the request

hashtagWhat information is going to be cleared

How to clean GDPR

Option 1 — Back Office UI (single user)

Option 2 — REST API (single user or automated workflow)

Endpoint

Request payload

Option 3 — Bulk erasure via CSV import

1. Prepare the CSV file

2. Upload the CSV in the Back Office

What happens after the request

What information is going to be cleared