Documentation
Feedback
Guides

Erasing customer data

Closed beta: Data Protection Plus is in closed beta and is only available in select regions.

This flow to erase customer data is in alpha testing stage, available only for select clients. Do not share this documentation with people outside of your company. If you do not have access yet, please refer to the Erasing customer data guide instead.

This feature is part of VTEX Shield, meaning additional fees may apply.

If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support.

If you are not yet a customer but are interested in this solution, please complete our contact form.

According to data protection policies, such as GDPR and LGPD, companies using customer personal data are required to delete collected information upon the customer's request. Data Subject Rights API allows stores using the PII data architecture to erase user data collected by Checkout, Orders, VTEX ID and Profile System, without depending on the VTEX Support flow described in the Erasing customer data guide.

To begin the data erasing process, make a POST request to the Erase customer data endpoint from the Data Subject Rights API. This action deletes a given customer's data collected in your store by Checkout, Orders, VTEX ID and Profile System.

Only orders with invoiced or canceled status are erased in this request.

A successful response is 200 OK with Completed status, and all items in the applications array should have the Deleted status.

Request body example


_10
{
_10
"email": "john@mail.com"
_10
}

Response body example


_34
{
_34
"uuid": "3e2f53dc-b099-4dc8-9727-581b2a97f39c",
_34
"requestType": "Removal",
_34
"email": "john@mail.com",
_34
"status": "Completed",
_34
"dataResponse": "{\r\n \"VTEX Checkout\": [],\r\n \"orders\": {\r\n \"dataStatus\": {\r\n \"status\": \"anonymized\",\r\n \"reason\": \"Sensitive information was anonymized rather than deleted to preserve the store metrics.\",\r\n \"evidence\": \"Anonymized [0] orders\",\r\n \"dryRun\": true\r\n },\r\n \"orders\": []\r\n },\r\n \"Profile System PII API\": {},\r\n \"VTEX ID\": {\r\n \"type\": \"https://tools.ietf.org/html/rfc7231#section-6.5.4\",\r\n \"title\": \"Not Found\",\r\n \"status\": 404,\r\n \"traceId\": \"00-65d5abf9263b07eb185beee49e2075dc-b67b373e2e93dcf8-00\"\r\n }\r\n}",
_34
"requestTime": "2023-09-05T17:19:33.1969022-03:00",
_34
"applications": [
_34
{
_34
"application": "chk",
_34
"status": "Deleted",
_34
"errorDetail": "",
_34
"updateAt": "2023-09-05T20:20:23"
_34
},
_34
{
_34
"application": "orders",
_34
"status": "Deleted",
_34
"errorDetail": "",
_34
"updateAt": "2023-09-05T20:20:25"
_34
},
_34
{
_34
"application": "profileSystemV2",
_34
"status": "Deleted",
_34
"errorDetail": "",
_34
"updateAt": "2023-09-05T20:20:26"
_34
},
_34
{
_34
"application": "vid",
_34
"status": "Deleted",
_34
"errorDetail": "",
_34
"updateAt": "2023-09-05T20:20:29"
_34
}
_34
]
_34
}

Contributors
1
Photo of the contributor
+ 1 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
See also
Data Protection Plus
Guides
Data residency
Guides
Limitations of the PII data architecture during closed beta
Guides
Changes in VTEX features behavior to handle PII data
Guides
PII Data Architecture specifications
Guides
Profile System integration
Guides
Contributors
1
Photo of the contributor
+ 1 contributors
On this page