How Data Deletion Works and What Data is Deleted
When data deletion is enabled, certain customer identifiers are handled automatically, while others require you to explicitly mark them as personally identifiable information. Once a field is marked, the same masking behaviour is applied consistently across Member Care and API responses.
Understanding what data is deleted and retained
When a deletion request is executed, the system removes sensitive customer information while retaining certain non-personally identifiable (non-PII) data.
| Deleted data | Non-deletion data |
|---|---|
| First name and last name | User ID |
| Identifiers such as mobile, e-mail, and external id | Transactions (but transaction custom/extended fields can be configured to be deleted). See Classifying custom field, extended field and payment attribute data as PII data |
| Customer custom and extended fields. This is configurable. See Classifying custom field, extended field and payment attribute data as PII data | Communications data |
| Payment mode attributes against a transaction | Payment mode (Card, UPI, BNPL) details used for the transaction. But the attributes can be deleted. See Configuring data that need not be deleted. |
| V1 and V2 profile identifiers | PII data in the promo engine or on the OTA (Over The Air) side |
| V1 and V2 profile comm channels | Coupons/promotions/gift vouchers and all benefits |
| Identifiers/login details in the auth engine | Behavioural events |
| Card custom fields and card extended fields. See Configuring data that need not be deleted. | Points data (will still be attributed to User ID) |
| Search database (Solr/ES) | Supplementary and coalition memberships |
| Identifier change logs | Targets and Member Care profiles - If you have the profile URL, you can access the profile; however, the page displays a message indicating that the customer has been deleted. |
| Identifiers that are kept in the change requests log are set to null | User group dependencies and associations. Deleted customers remain part of groups/companies unless explicitly removed from groups (User ID remains) |
| Customer data audit logs | PII captured in leads data |
| | Any other details not mentioned under Deleted data. |
Note
In Databricks, deleted customers must be explicitly excluded in queries to ensure accurate reporting.
PII deletion for accounts with merged victims
When a PII deletion request is approved for a survivor account, the system automatically deletes the PII data of all victim accounts previously merged into that survivor. You do not need to raise separate deletion requests for victim accounts.
As part of the same deletion job, the system does the following:
- Identifies all victim accounts merged into the survivor, traversing the merge history recursively up to a depth of 10.
- Triggers PII deletion for each victim account found, in addition to the survivor.
- Releases the identifiers of all accounts in the chain: email, mobile number, last name, external ID, and other registered identifiers.
Note: The system traverses the merge chain up to a maximum depth of 10. Accounts beyond depth 10 are not included in the deletion run.
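The depth limit means a long merge chain can leave victim accounts outside the deletion run. The following added example (not the platform's own code) splits a survivor's merge chain into accounts within the limit and accounts beyond it, so the latter can be reviewed separately. It assumes merge history is available as (victim, survivor) pairs and that victims merged directly into the survivor count as depth 1; both are assumptions, not documented behaviour.

```python
from collections import defaultdict, deque

MAX_MERGE_DEPTH = 10  # traversal limit stated in the documentation


def plan_deletion(survivor_id, merges, max_depth=MAX_MERGE_DEPTH):
    """Return (covered, beyond) for a survivor's merge chain.

    merges: iterable of (victim_id, survivor_id) pairs (assumed export format).
    Assumption: victims merged directly into the survivor are at depth 1.
    covered: accounts within max_depth, including the survivor itself.
    beyond:  victim accounts deeper than max_depth, which the note above
             says are not included in the deletion run.
    """
    victims_of = defaultdict(list)
    for victim, survivor in merges:
        victims_of[survivor].append(victim)

    covered, beyond = [survivor_id], []
    seen = {survivor_id}
    queue = deque([(survivor_id, 0)])
    while queue:
        account, depth = queue.popleft()
        for victim in victims_of[account]:
            if victim in seen:  # guard against cyclic or duplicate merge records
                continue
            seen.add(victim)
            target = covered if depth + 1 <= max_depth else beyond
            target.append(victim)
            # Keep walking past the limit so deeper accounts are reported too.
            queue.append((victim, depth + 1))
    return covered, beyond


# Constructed sample data: chain u12 -> u11 -> ... -> u1 -> u0,
# plus a side branch where v1 was merged into u3.
SAMPLE_MERGES = [(f"u{i}", f"u{i - 1}") for i in range(1, 13)] + [("v1", "u3")]

if __name__ == "__main__":
    covered, beyond = plan_deletion("u0", SAMPLE_MERGES)
    print("within depth limit:", covered)
    print("beyond depth limit:", beyond)
```
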
What gets deleted for victim accounts
The same data categories deleted for a survivor account are deleted for each victim account in the merge chain. Data not deleted for a survivor, such as transactions, points, behavioural events, and coupons, is also not deleted for victim accounts.
