User Documentation
Start typing to search…

PII Deletion

This section provides you with information on how to enable PII deletion and about the PII data deletion workflow.

The Personally Identifiable Information (PII) data deletion feature allows customers to delete their personal data from the customer data platform. This provides customers greater control over their privacy and helps to protect their data or unauthorised access to their information.

Understanding what data is deleted and retained

When a PII deletion request is executed, the system removes sensitive customer information while retaining certain non-personally identifiable information (non-PII) data.

Deleted data

Non-deletion data

First name and last name

User ID

Identifiers such as mobile, e-mail and external id

Transactions (but transaction custom/extended fields can be configured to be deleted). See

Classifying custom field, extended field and payment attribute data as PII data

.

Customer custom and extended fields. This is configurable. See

Classifying custom field, extended field and payment attribute data as PII data

.

Communications data

Payment mode attributes against a transaction

Payment mode (Card, UPI, BNPL) details used for the transaction. But the attributes can be deleted. See Configuring data that need not be deleted.

V1 and V2 profile identifiers

PII data in the promo engine or on the OTA (Over The Air) side

V1 and V2 profile comm channels

Coupons/promotions/gift vouchers and all benefits

Identifiers/login details in the auth engine

Behavioural events

Card custom fields and card extended fields. See Configuring data that need not be deleted.

Points data (will still be attributed to User ID)

Search database (solr/ES)

Supplementary and coalition memberships

Identifier change logs

Targets and Member care profiles - If you have the profile URL, you can access the profile; however, the page displays a message indicating that the customer has been deleted.

Identifiers that are kept in the change requests log are set to null

User group dependencies and associations. Deleted customers remain part of groups/companies unless explicitly removed from groups (User ID remains)

Customer data audit logs

PII captured in leads data

_

Any other details not mentioned under Deleted data.

📘

Note

In Databricks, deleted customers must be explicitly excluded in queries to ensure accurate reporting.

Handling customer cards during PII deletion

Apart from the customer data, you must also define how linked loyalty cards are handled during PII deletion. This behaviour is controlled by the configuration parameter CONF_PII_DELETION_CARD_UNLINK_STATE.

By default, when a customer profile is deleted, the linked card is delinked, and its status changes to Not Issued. You can change this behaviour by setting the configuration to DELETED, which automatically marks the card as DELETED during PII deletion.

The card status remains as NOT_ISSUED:

  • if an invalid value is set or
  • if the configuration is set to DELETED but the DELETED status label is not available in your organisation.

Set this configuration before submitting the PII deletion request.

Enabling the Configuration

To enable this configuration, create a JIRA ticket for the Product Support team.

Classifying custom field, extended field and payment attribute data as PII data

In addition to core identifiers (mobile, email, external ID), you may need to delete custom fields, extended fields, or payment attributes that contain PII. By default, these are not deleted. You must explicitly mark them as PII.

Custom field and Extended fields

If you want to include custom fields and extended fields as part of PII data, perform the following:

  1. From the Organisation settings, navigate to Master Data Management > Data Model > Custom fields/Extended fields.
  1. Select the desired custom field/extended field that needs to be part of PII data.
  2. Click Edit.
  3. Select the Is this pii data/Is it PII data check box.
  1. Click Submit.

Payment attributes

If you want to include payment attributes as part of the PII data, perform the following:

  1. From the Organisation settings, navigate to Organisation set up > Payment modes > Tenders.
  1. Select the desired tender and click the edit icon.
  2. Select the desired attribute that needs to be part of the PII data and click the edit icon.
  1. Click the attributes value icon.
  1. From the Selection drop-down, select the desired unit.
  1. Select the Is PII Data check box.
  2. Click Save.

PII deletion in connected orgs

In a connected organisation setup, the PII deletion is always initiated from the parent organisation, and the data gets deleted from both the parent and child organisations. However, the PII configuration is maintained separately. For the child organisation, the PII configuration should be set at the child level.

Performing PII deletion

Step 1: Make sure the below prerequisites are met

  1. Enable customer status. See Enable customer status.
  1. Make sure that a label is created for each customer status. For more information on customer status labels, see Create customer status label.
    📘

    For Pending Deletion, the platform creates a deletion_pending status automatically and assigns it whenever a deletion request is raised. The platform does not use any label that you created against the Pending Deletion status.

  2. Configure PII deletion. See Configuring PII deletion.
  3. If required, select and mark the required extended field, custom field and payment mode attributes as PII data. See Classifying custom field, extended field and payment attribute as PII data.

Step 2: Define PII deletion configurations as required.

To enable and configure the PII deletion

  1. From Organisation settings, navigate to Organization Setup -> PII Configurations.
  2. To enable the PII deletion, select the CONF_ENABLE_PII_DELETION check box.

  1. To set the number of days after which the data is deleted (deletion waiting period), enter the number in the CONF_PII_DATA_DELETE_AFTER_DAYS field. You can enter any value between 0-90.

    📘

    Note

    If the waiting period is set to 0 days, the system deletes the data on the same day that you raised the requests and approves if approval workflow is involved. For example, if a customer raises a deletion request at 1400 hrs, the system processes deletion at midnight on the same day depending on the time zone of the cluster the org belongs to on the Capillary platform.

  2. Click Submit.

Step 3: Create a deletion request

A PII deletion request can be performed from the Member Care, refer to .the documentation on user deletion from Member Care. For more information on the PII deletion APIs, see Add deletion request API documentation.


Step 4: (for approvers) Approve the PII deletion request from Membercare

For information on approving member account deletion requests from Membercare, refer to Request management documentation.

Deletion request status

ActionRequest statusCustomer status and status label
Capillary receives a deletion requestPENDINGNo change to the customer status
The brand rejects the deletion requestREJECTEDNo change to the customer status
Capillary receives a deletion requestAPPROVEDPending Deletion: Deletion_pending
The customer cancels the deletion requestCANCELEDPrevious customer status
Capillary deletes the customer PII after the waiting period.DELETEDDELETED: Deleted

FAQs

  1. Can we raise bulk PII data deletion requests? For bulk PII deletion, use Connect+. See PII data flow.
  2. Is the PII deletion request approved by default? This depends on the query parameter. PII deletions need to be approved.
  3. Are custom fields and extended fields part of PII data? No. But, you can mark the desired custom fields and extended fields as PII data.
  4. Will PII details in the Auth engine be deleted for the users who raised the request? Yes. After the PII deletion waiting period lapses.
  5. Will event data (behavioural events, transaction events, etc.)be deleted? No. Data attributed to the user id is not deleted as the user id is not categorized as PII data.
  6. What happens if the waiting period is set as 0 days? If the waiting period is set to 0 days, the system deletes the data on the same day.
  7. My brand's transaction custom fields/extended fields also have PII data. Can those be marked for deletion? Yes. You can mark those data as PII data. See Custom field and extended field PII data.
  8. Can I view a deleted customer's events on Member Care? Yes.
  9. Will the profile be visible if I go to the profile using user_id in the Member Care URL? No.
  10. Are payment mode attributes deleted by default? No. But you can configure payment attributes as PII data. See payment attributes.
  11. My brand's payment mode attributes have sensitive PII data. Can I delete that? You can configure payment attributes as PII data. See payment attributes.
  12. I want to delete event data (transactions, behavioural events and so on) of customers. Is this possible? No.
  13. Will communications sent to a customer be deleted? No.
  14. What happens to active coupons that are not redeemed? You cannot redeem the active coupons associated with the deleted customer ID.
  15. Will OTP messages get sent to customers? After the PII deletion, the customer will not get any message.
  16. How can a customer track the status of a deletion request? Brands can use the GET APIs and the event notifications to update the status of the customers.
  17. Is there a UI to view all deletion requests raised in an org? Yes.
  18. How can a CSR raise a deletion request? CSR can raise deletion requests through member care.
  19. Can any CSR raise a deletion request? This depends on access rights. If you have access, you can raise deletion requests on behalf of a customer.
  20. How is PII deletion handled for connected orgs? In connected orgs, PII deletion is based on the PII deletion policy configuration.
  21. Does the configured card status "DELETED" override the card's previous state? Yes. The PII deletion process updates the status for all cards associated with the customer, regardless of their previous state (e.g., ACTIVE, ISSUED, SUSPENDED, or EXPIRED).
  22. Does NOT_ISSUED vs. DELETED have any operational difference beyond the status label? If you want to reuse the cards after PII deletion, you can have the cards set to NOT_ISSUED. If you don't want to reuse the cards, you can configure them as DELETED. Only cards with the NOT_ISSUED status can be linked to a new customer.
  23. Does changing the configuration later affect past PII deletions? No, the card status will take the label that was configured at the time of the PII deletion. The configuration can be changed only for the future deletions.
  24. Can the card status be updated manually after PII deletion has occurred? No, you cannot update the DELETED label. You can, however, update the status of a NOT_ISSUED card. Once you link a NOT_ISSUED card to a customer, its status will change to ACTIVE, and you can then update its status as per requirement.
  25. Does this CONF_PII_DELETION_CARD_UNLINK_STATE config affect physical cards? Yes, this feature affects all cards, both physical and digital.


Updated 10 days ago