Einstein GDPR Delete

In compliance with General Data Protection Regulation (GDPR) laws, the Einstein GDPR Delete API enables you to delete buyer and shopper data from the Einstein data engine.

Affected data includes any legacy order data uploaded to the Einstein engine using an external store order feed. It also includes any shopper profile data that was bulk uploaded to the Einstein engine through the sendBulkProfile endpoint of the Einstein Profile Connector API.

To enable access to any Einstein API endpoints, go to Einstein Configurator and enter your Commerce Cloud Account Manager client ID on the API page. Using Site Administrator access, you can add an API Client ID on the Account Manager page.

When enabled, and as long as the correct site ID and client ID are passed, the API functions in all environments, including production, staging, development, and sandbox instances.

Each API call must pass the x-cq-client-id header for API key authentication.

Implementing our API on the client side or server side comes with some tradeoffs. To ensure that you keep your client ID secret, we recommend that you implement our API on the server side for increased security. Client-side implementation runs the risk of exposing your client ID to bad actors.

Deleting data can have impacts on individual customer experiences, and on how the Einstein engine generates and provides experiences in general. For this reason, we allow only authorized users to delete data. In addition, each GDPR Delete API call must pass a required authorization header (bearer) access token obtained from Account Manager.

To reduce load on the Account Manager server, avoid generating any new tokens until the current token expires. Refer to the API Specification for more information on bulk upload API calls.

The purpose of the GDPR Delete API is to delete data for individual users based on a specific user request. The API is not intended for bulk removal of user data, or to perform complete data resets. When setting up the API to perform multiple delete requests in succession, we strongly recommend that you limit the requests to only a few hundred within a 24-hour period.
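The following is an added example, not code from this documentation or from Salesforce. It is a server-side helper that applies the guidance above: it sends the x-cq-client-id header and the bearer token, reuses the Account Manager token until it expires, and caps delete requests in a rolling 24-hour window. The class name, the injected `fetch_token` callable, the 30-second refresh margin, and the default limit of 200 are assumptions. The page gives no endpoint URL, so the helper only builds the request headers.

```python
import time
from collections import deque

DAY_SECONDS = 24 * 60 * 60


class GdprDeleteGate:
    """Builds auth headers, reuses the token, and caps deletes per 24 hours."""

    def __init__(self, client_id, fetch_token, daily_limit=200,
                 clock=time.monotonic, refresh_margin=30):
        self.client_id = client_id            # keep server-side only
        self.fetch_token = fetch_token        # hypothetical: returns (token, expires_in_seconds)
        self.daily_limit = daily_limit        # assumed value for "a few hundred"
        self.clock = clock
        self.refresh_margin = refresh_margin  # assumed: refresh shortly before expiry
        self._token = None
        self._expires_at = 0.0
        self._sent = deque()                  # timestamps of deletes in the window

    def _bearer(self):
        # Ask Account Manager for a new token only when the cached one is
        # missing or about to expire.
        now = self.clock()
        if self._token is None or now >= self._expires_at - self.refresh_margin:
            token, ttl = self.fetch_token()
            self._token, self._expires_at = token, now + ttl
        return self._token

    def remaining(self):
        # Drop timestamps older than 24 hours, then report what is left.
        cutoff = self.clock() - DAY_SECONDS
        while self._sent and self._sent[0] <= cutoff:
            self._sent.popleft()
        return self.daily_limit - len(self._sent)

    def headers_for_delete(self):
        # Refuse rather than exceed the budget; the caller should queue the request.
        if self.remaining() <= 0:
            raise RuntimeError("24-hour delete budget exhausted; queue the request")
        self._sent.append(self.clock())
        return {
            "x-cq-client-id": self.client_id,
            "Authorization": f"Bearer {self._bearer()}",
        }
```

Log each refused request together with the shopper identifier so that the deletion is retried once the window frees up rather than silently dropped.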

Einstein doesn’t provide separate reporting for activity data. You can view standard reporting on the Einstein Dashboard.