Drift admins can manually request data retrieval and deletion via the Data Privacy section of their settings, but this can be tedious for larger organizations with many requests.
The Data Privacy API provides a way to trigger GDPR requests programatically.
There are two types of requests an organization can make:
- Retrieval - fetches all data for all contacts and users with a given email
- Deletion - deletes all data for all contacts and users with a given email
Unless these requests are necessary for compliance purposes, we recommend using the Contact API which provides real-time data.
The Data Privacy API can only be accessed by apps created by an organization. Third party applications are blocked from requesting these permissions.
To perform GDPR requests, an app must request access to specific permission scopes.
Retrieval requires access to the
Deletion requires access to the
To read more about how the Drift API uses scopes, see our scopes documentation.