GDPR Overview
Automating GDPR Retrieval and Deletion
Drift admins can manually request data retrieval and deletion via the Data Privacy section of their settings, but this can be tedious for larger organizations with many requests.
The Data Privacy API provides a way to trigger GDPR requests programatically.
There are two types of requests an organization can make:
- Retrieval - fetches all data for all contacts and users with a given email
- Deletion - deletes all data for all contacts and users with a given email
Unless these requests are necessary for compliance purposes, we recommend using the Contact API which provides real-time data.
Note
The Data Privacy API can only be accessed by apps created by an organization. Third party applications are blocked from requesting these permissions. Keeping our customers' data secure is of the utmost important to Drift. We go to considerable lengths to ensure that all data sent to us is handled securely - keeping your data secure is fundamental to the nature of our business.
Scopes
To perform GDPR requests, an app must request access to specific permission scopes.
Retrieval requires access to the gdpr_read scope.
Deletion requires access to the gdpr_write scope.
To read more about how the Drift API uses scopes, see our scopes documentation.
Updated about 3 years ago