# Clear PII data / GDPR compliance

## How to clean GDPR

***

There are three ways to erase a user's personal data from Smartico: the **Back Office UI**, the **REST API**, or a **CSV import** for bulk requests. All methods trigger the same process — data is permanently removed within 24 hours.

> ⚠️ **Important:** Smartico deletes data only from its own database. If your platform continues sending profile updates for that user after the request, the data will be restored on the next sync. You must stop sending events for that user from your side before or immediately after submitting the request.

***

### Option 1 — Back Office UI (single user)

1. Open the user's profile in the Back Office.
2. Click the **Delete PII** button (visible to **CRM Admin** role only).
3. Confirm the action. You will see: *"All personal information will be permanently deleted within 24 hours."*

***

### Option 2 — REST API (single user or automated workflow)

Use this method when you want to integrate GDPR erasure into your own automated workflow.

#### Endpoint

```http
POST https://apisX.smartico.ai/api/external/events/v2
```

Authentication via your **private API key** (available in Back Office → Tools → REST API).

#### Request payload

```json
{
  "eid": "unique-request-id-per-call",
  "event_date": 1717508861954,
  "ext_brand_id": "your_brand_id",
  "user_ext_id": "the_user_id_in_your_system",
  "event_type": "update_profile",
  "payload": {
    "core_is_gdpr_cleanup_requested": true
  }
}
```

| Field          | Description                                                                          |
| -------------- | ------------------------------------------------------------------------------------ |
| `eid`          | A unique ID you generate for each request (UUID or similar — used for deduplication) |
| `event_date`   | Current Unix timestamp in **milliseconds**                                           |
| `ext_brand_id` | Your brand identifier (shown in BO → Tools → REST API)                               |
| `user_ext_id`  | The user's ID as known in your platform                                              |

### Option 3 — Bulk erasure via CSV import

This is the recommended approach for processing many users at once. No coding required.

#### 1. Prepare the CSV file

Create a plain text, comma-separated file with the following columns:

```csv
user_ext_id,core_is_gdpr_cleanup_requested
user_001,true
user_002,true
user_003,true
```

Rules to follow:

* No quotation marks around any values
* `user_ext_id` must match exactly the user IDs your platform sends to Smartico
* The boolean value must be `true` or `1`
* If your brand has multiple sub-brands with non-unique user IDs, add a `core_sm_brand_id` column with the brand identifier for each row

#### 2. Upload the CSV in the Back Office

1. Go to **CRM → Segments**
2. Click **Import Segment**
3. Upload your CSV file
4. Smartico will validate the first 20 rows immediately — any formatting errors will be shown at this stage
5. The segment status will change to **Importing** while all rows are processed
6. Once complete, check the **Imported Users** tab to confirm how many users were successfully processed. Any rows that could not be matched to an existing user will also be listed there.

The GDPR cleanup flag is set for each successfully imported user. All matched accounts will be erased within 24 hours.

## What happens after the request

| Timeline        | Action                                                                                                                  |
| --------------- | ----------------------------------------------------------------------------------------------------------------------- |
| Immediately     | The erasure request is logged and the user is flagged                                                                   |
| Within 24 hours | All personal data fields are permanently erased                                                                         |
| Within 24 hours | Account is deactivated; all communication channels (email, SMS, push) are opted out; user is excluded from gamification |
| ✅ Complete      | The user's profile retains only an anonymous internal ID — no personal data remains                                     |

The process is **irreversible**. There is no way to restore the data once deletion is complete, and Smartico will not be able to confirm the identity of an erased user after the fact. Please keep your own records of which users you have requested to be erased.

## What information is going to be cleared

**Group 1 — Personally Identifiable Information (PII)**

| Property             | Semantic meaning                        | Action  |
| -------------------- | --------------------------------------- | ------- |
| `user_email`         | User's email address                    | cleared |
| `user_first_name`    | First name                              | cleared |
| `user_last_name`     | Last name                               | cleared |
| `core_mail_domain`   | Derived email domain (e.g. `gmail.com`) | cleared |
| `user_phone`         | Phone number                            | cleared |
| `user_country`       | Country of registration                 | cleared |
| `user_birthdate`     | Date of birth                           | cleared |
| `core_user_gender`   | Gender                                  | cleared |
| `user_phone_country` | Phone country code                      | cleared |

**Group 2 — Behavioral / Session Fingerprint**

| Property                         | Semantic meaning                  | Action  |
| -------------------------------- | --------------------------------- | ------- |
| `core_user_first_seen_country`   | Country on first login            | cleared |
| `core_user_last_login_country`   | Country on last login             | cleared |
| `core_user_last_login_city`      | City on last login                | cleared |
| `core_user_last_session_browser` | Last browser used                 | cleared |
| `core_user_last_session_os_name` | Last OS used                      | cleared |
| `core_user_last_device_type`     | Last device type (mobile/desktop) | cleared |
| `core_is_push_disabled`          | User-side push opt-out flag       | cleared |

**Group 3 — Account Status — set to explicit values**

| Property                             | Value set       | Semantic effect                           |
| ------------------------------------ | --------------- | ----------------------------------------- |
| `core_account_status`                | `'DEACTIVATED'` | Account blocked from activity             |
| `core_is_email_disabled`             | `true`          | Disable email channel (user preference)   |
| `core_is_sms_disabled`               | `true`          | Disable SMS channel (user preference)     |
| `core_is_email_disabled_by_platform` | `true`          | Disable email channel (platform override) |
| `core_is_sms_disabled_by_platform`   | `true`          | Disable SMS channel (platform override)   |
| `core_is_push_disabled_by_platform`  | `true`          | Disable push channel (platform override)  |
| `core_is_ivr_disabled`               | `true`          | Disable IVR/voice channel                 |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.smartico.ai/welcome/technical-guides/data-integration/clear-pii-data-gdpr-compliance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.