Data subject requests - Right to erasure

The EU’s General Data Protection Regulation (GDPR) and similar privacy laws worldwide (CCPA, LGPD, etc.) grant data subjects comprehensive rights when it comes to the processing of their personal data. These rights include, among others, the right to erasure (see Art. 17 GDPR)(1). As a data processor, Adjust is obliged to support you (the data controller) in the processing of such requests from your (app) users.

You can inform Adjust of a user’s erasure request through a call to our GDPR API endpoint or using the Adjust SDK. 

Once Adjust has been notified: 

  • We will permanently delete all of the user’s historical personal data from our internal system and database; and
  • We will no longer receive data from this user/device(2) via the Adjust SDK.

Requirements for GDPR API integration, instructions for Adjust SDK configuration, and server callback setup can be found below.

Important:
Please exercise extreme caution when testing the API endpoint or SDK method using a personal device ID. When Adjust is notified of a user’s request to be forgotten, the subsequent process is permanent and cannot be reversed. Adjust will never be able to reinstate the device’s data or receive requests from that device for any reason.

Adjust SDK requirements

To notify Adjust of a user’s/device's erasure request through the Adjust SDK, you first need to download and set up the Adjust SDK for your platform. Follow the instructions linked below to get started.

⚙️  This feature requires Adjust SDK v4.13 and later.

Once you have the Adjust SDK installed and configured, follow the guides linked below to use this feature:

📖 iOS / Android / Windows / Adobe Air / Unity / Cordova / Marmalade / Xamarin / Cocos2d-x / React Native / Titanium / Corona

GDPR API reference

Adjust offers a GDPR API to enable you to action erasure requests from your server. Adjust immediately clears all data related to a device when you call it. To get started, check out the GDPR API reference.

Receive erasure request activity from Adjust

When Adjust receives an erasure request, you can be notified via Adjust’s server callbacks and our Amazon S3 bucket integration. 

Enter a callback URL for the erased users (GDPR) server callback or include the erased users (GDPR) event type in your Amazon S3 cloud storage upload. If you want to receive erasure request information through your global callback, make sure you include the {activity_kind} placeholder, which will be filled with gdpr_forget_device when the callback is fired for an erasure request.

References

1. For clarification, this set-up does not only apply to erasure requests under the GDPR, but to all erasure/deletion/opt-out requests under similar privacy laws.

2. The terms “user” and “device” can be used synonymously in this article. Since Adjust doesn’t process a user’s name or email address, Adjust isn’t able to identify individual users, but devices only.