How Does Privy Process GDPR and CCPA Requests?
Privy has a process for honoring data subject requests related to various compliance frameworks, including CCPA and GDPR. These frameworks entitle your contacts to more control of their personal information. The contacts subject to these frameworks have the right to request actions like:
- Deletion: The right of deletion gives contacts the ability to direct a business to delete or anonymize all of their personally identifiable information.
- Opt-out: The right to opt-out gives contacts the ability to direct a business not to sell their personal information to a third party.
- Access: The right of access gives contacts the ability to direct a business to provide all of the information that they have collected on them.
Typically, these requests must be processed within 30 days. That said, these rights are not absolute and can depend on the request's context, so it is essential to be familiar with your current business situation and local privacy laws. Learn more about Data Subject Access Rights by visiting our Privacy Policy, Terms & Conditions, and Data Processing Addendum.
Note: These requests shouldn't be processed unless prompted by a contact. Additionally, while these features and resources are available from Privy, your legal team remains the best resource for advice concerning your specific compliance situation. If you're looking to remove your account information from Privy instead of contact information, check out this resource instead.
Deletion request
To request a permanent contact deletion:
- Email Support
- Provide your email address. It must be associated with a user in the Privy account.
- Use "Compliance - Data Removal Request" as the subject line.
- In the request's description, please provide:
- The Business Name and Website URL are listed in your Privy account here.
- The email address of the contact you'd like removed.
- Select the Submit button.
Following the submission, all of the contact's personally identifiable information will be scrubbed within 30 days. While the contact's personal data will be deleted, anonymized analytics data will remain. For example, the contact's display views and revenue will continue to be reflected in your Convert dashboard. Similarly, if you’ve sent emails to the contact, the analytics will still be reflected in the email performance reports (e.g., opens, clicks, etc.).
Note: When a contact is deleted, their display signups are also deleted. This removal is retroactive and will reduce the signup counts in your account.
Opt-out request
To perform a compliant contact opt-out:
- Email Support
- Provide your email address. It must be associated with a user in the Privy account.
- Use "Compliance - Opt-Out Request" as the subject line.
- In the request's description, please provide:
- The Business Name and Website URL are listed in your Privy account here.
- The email address of the contact you'd like to opt out of.
- Select the Submit button.
Following the submission, an opt-out identifier will be attached to the contact's profile within 30 days. If you return to the contact profile, an opt-out event will be present. The opt-out also removes the contact from all marketing activities to ensure the broadest level of compliance.
Access request
To perform a compliant data access request:
- Email Support
- Provide your email address. It must be associated with a user in the Privy account.
- Use "Compliance - Data Access Request" as the subject line.
- In the request's description, please provide:
- The Business Name and Website URL are listed in your Privy account here.
- The email address of the contact you'd like information on.
- Select the Submit button.
Following the submission, a request will be sent to Privy and processed within 30 days. Following this review, you will be emailed a collection of CSVs containing the contact's information.
Additional questions
For any additional questions, please email privacy@privy.com.