Clear PII data / GDPR compliance

How to clean GDPR


There are three ways to erase a user's personal data from Smartico: the Back Office UI, the REST API, or a CSV import for bulk requests. All methods trigger the same process โ€” data is permanently removed within 24 hours.

โš ๏ธ Important: Smartico deletes data only from its own database. If your platform continues sending profile updates for that user after the request, the data will be restored on the next sync. You must stop sending events for that user from your side before or immediately after submitting the request.


Option 1 โ€” Back Office UI (single user)

  1. Open the user's profile in the Back Office.

  2. Click the Delete PII button (visible to CRM Admin role only).

  3. Confirm the action. You will see: "All personal information will be permanently deleted within 24 hours."


Option 2 โ€” REST API (single user or automated workflow)

Use this method when you want to integrate GDPR erasure into your own automated workflow.

Endpoint

POST https://apisX.smartico.ai/api/external/events/v2

Authentication via your private API key (available in Back Office โ†’ Tools โ†’ REST API).

Request payload

Field
Description

eid

A unique ID you generate for each request (UUID or similar โ€” used for deduplication)

event_date

Current Unix timestamp in milliseconds

ext_brand_id

Your brand identifier (shown in BO โ†’ Tools โ†’ REST API)

user_ext_id

The user's ID as known in your platform

Option 3 โ€” Bulk erasure via CSV import

This is the recommended approach for processing many users at once. No coding required.

1. Prepare the CSV file

Create a plain text, comma-separated file with the following columns:

Rules to follow:

  • No quotation marks around any values

  • user_ext_id must match exactly the user IDs your platform sends to Smartico

  • The boolean value must be true or 1

  • If your brand has multiple sub-brands with non-unique user IDs, add a core_sm_brand_id column with the brand identifier for each row

2. Upload the CSV in the Back Office

  1. Go to CRM โ†’ Segments

  2. Click Import Segment

  3. Upload your CSV file

  4. Smartico will validate the first 20 rows immediately โ€” any formatting errors will be shown at this stage

  5. The segment status will change to Importing while all rows are processed

  6. Once complete, check the Imported Users tab to confirm how many users were successfully processed. Any rows that could not be matched to an existing user will also be listed there.

The GDPR cleanup flag is set for each successfully imported user. All matched accounts will be erased within 24 hours.

What happens after the request

Timeline
Action

Immediately

The erasure request is logged and the user is flagged

Within 24 hours

All personal data fields are permanently erased

Within 24 hours

Account is deactivated; all communication channels (email, SMS, push) are opted out; user is excluded from gamification

โœ… Complete

The user's profile retains only an anonymous internal ID โ€” no personal data remains

The process is irreversible. There is no way to restore the data once deletion is complete, and Smartico will not be able to confirm the identity of an erased user after the fact. Please keep your own records of which users you have requested to be erased.

What information is going to be cleared

Group 1 โ€” Personally Identifiable Information (PII)

Property
Semantic meaning
Action

user_email

User's email address

cleared

user_first_name

First name

cleared

user_last_name

Last name

cleared

core_mail_domain

Derived email domain (e.g. gmail.com)

cleared

user_phone

Phone number

cleared

user_country

Country of registration

cleared

user_birthdate

Date of birth

cleared

core_user_gender

Gender

cleared

user_phone_country

Phone country code

cleared

Group 2 โ€” Behavioral / Session Fingerprint

Property
Semantic meaning
Action

core_user_first_seen_country

Country on first login

cleared

core_user_last_login_country

Country on last login

cleared

core_user_last_login_city

City on last login

cleared

core_user_last_session_browser

Last browser used

cleared

core_user_last_session_os_name

Last OS used

cleared

core_user_last_device_type

Last device type (mobile/desktop)

cleared

core_is_push_disabled

User-side push opt-out flag

cleared

Group 3 โ€” Account Status โ€” set to explicit values

Property
Value set
Semantic effect

core_account_status

'DEACTIVATED'

Account blocked from activity

core_is_email_disabled

true

Disable email channel (user preference)

core_is_sms_disabled

true

Disable SMS channel (user preference)

core_is_email_disabled_by_platform

true

Disable email channel (platform override)

core_is_sms_disabled_by_platform

true

Disable SMS channel (platform override)

core_is_push_disabled_by_platform

true

Disable push channel (platform override)

core_is_ivr_disabled

true

Disable IVR/voice channel

Last updated

Was this helpful?