Learn how to handle data deletion requests from visitors to comply with GDPR's right to erasure.
Understanding Right to Erasure
What is RTBF?
The Right to Be Forgotten (RTBF) under GDPR Article 17 allows individuals to request deletion of their personal data when:
- The data is no longer necessary for its original purpose
- Consent is withdrawn
- The data was unlawfully processed
- A legal obligation requires deletion
- The individual objects to processing
When It Applies to Analytics
A visitor may request deletion of their analytics data:
- Page views and session history
- Event tracking data
- Identified user profiles
- Revenue attribution data
Receiving Deletion Requests
Request Channels
Accept requests via:
- Email ([email protected])
- Web form on your site
- Postal mail
- In-person (if applicable)
Required Information
To process a request, you need:
- Verification of identity
- Scope of deletion requested
- Any identifying information you have
Example Request Form
```html
<form action="/privacy/erasure" method="POST">
  <h2>Data Deletion Request</h2>

  <label>Email Address (for verification)</label>
  <input type="email" name="email" required>

  <label>User ID (if known)</label>
  <input type="text" name="user_id">

  <label>What data should be deleted?</label>
  <select name="scope">
    <option value="all">All my data</option>
    <option value="analytics">Analytics data only</option>
    <option value="account">Account and analytics</option>
  </select>

  <label>Additional Information</label>
  <textarea name="details"></textarea>

  <button type="submit">Submit Request</button>
</form>
```
Processing Requests
Step 1: Verify Identity
Before deleting, verify the requester:
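```javascript
// Example verification process
// (sendVerificationEmail, generateSecureToken and findUserByEmail are your own helpers)
async function verifyIdentity(email, userId) {
  // Option 1: Send verification email.
  // Keep the token (or its hash) with the request so the emailed link can be checked later.
  const token = generateSecureToken();
  await sendVerificationEmail(email, {
    action: 'data_deletion',
    token
  });

  // Option 2: Match to known user
  const user = await findUserByEmail(email);
  if (user && user.id === userId) {
    return { verified: true, user };
  }

  return { verified: false };
}
```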
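The email option in Step 1 only proves anything if the token is stored, expires, and can be redeemed once. The sketch below is an added example, not Zenovay code: the in-memory `pending` map stands in for your own database table, and the 24-hour lifetime and the names `issueChallenge` and `redeemChallenge` are assumptions.

```javascript
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumption: emailed links stay valid for 24 hours
const pending = new Map(); // requestId -> { email, tokenHash, expiresAt }; stand-in for a DB table

function sha256(value) {
  return crypto.createHash('sha256').update(value).digest();
}

// Create the challenge for one deletion request. Only the hash is stored,
// so a copy of the table cannot be turned back into working links.
function issueChallenge(requestId, email, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  pending.set(requestId, {
    email: email.trim().toLowerCase(),
    tokenHash: sha256(token),
    expiresAt: now + TOKEN_TTL_MS
  });
  return token; // goes into the emailed link only, never into logs or the HTTP response
}

// Redeem the token from the emailed link. Success proves control of the mailbox.
function redeemChallenge(requestId, token, now = Date.now()) {
  const entry = pending.get(requestId);
  if (!entry) return { verified: false, reason: 'unknown_or_used' };
  if (now > entry.expiresAt) {
    pending.delete(requestId);
    return { verified: false, reason: 'expired' };
  }
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  if (!crypto.timingSafeEqual(sha256(String(token)), entry.tokenHash)) {
    return { verified: false, reason: 'bad_token' };
  }
  pending.delete(requestId); // single use: a replayed link is rejected
  return { verified: true, email: entry.email };
}
```

Proceed to Step 2 only when `redeemChallenge` returns `verified: true`, and act on the email address it returns rather than on one resubmitted with the link.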
Step 2: Identify Data
Find the data associated with the requester:
Via Dashboard: If a visitor has been identified (you passed an email or user ID into the tracker), open Visitor Profiles (/analytics/profiles) and search by name or email to review the person's profile, sessions, and events.
Via API: The REST API (Pro plan and above) can list visitor records for a website so you can locate the data to act on:

```bash
# Retrieve visitor data for a website
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/visitors" \
  -H "X-API-Key: zv_YOUR_API_KEY"
```
Step 3: Delete Data
Zenovay does not currently offer a self-serve tool for erasing a single visitor's analytics records. To act on a verified request for a specific visitor or identified user, contact [email protected] with the website and the identifier (visitor ID, identified user ID, or the email you passed into the tracker). The Zenovay team carries out the erasure on your behalf.
There is no public API endpoint for deleting individual visitor or user data — the REST API is read-only for visitor records.
If the request is to delete your own Zenovay account (and the personal data tied to it), you can do that yourself: open your profile (/profile), choose Delete Account, and confirm. This permanently removes your account and cascades the deletion across the connected systems.
Step 4: Confirm Completion
```javascript
// Send confirmation to requester
await sendEmail(requester.email, {
  subject: 'Data Deletion Complete',
  body: `
Your data deletion request has been processed.

Request ID: ${request.id}
Completed: ${new Date().toISOString()}

Data Deleted:
- Page view history
- Event tracking data
- Session recordings
- User profile data

This action is permanent and cannot be undone.
`
});
```
What Gets Deleted
Included in Deletion
| Data Type | Deleted |
|---|---|
| Page views | ✓ |
| Events | ✓ |
| Session data | ✓ |
| Session recordings | ✓ |
| Heatmap contributions | ✓ |
| User profile | ✓ |
| Revenue data | ✓ |
| Custom properties | ✓ |
Not Included
| Data Type | Why |
|---|---|
| Aggregate statistics | Anonymized, not personal data |
| Audit logs | Legal requirement |
| Invoice records | Financial compliance |
Performing Deletions
Single visitor or identified user
Email [email protected] with the website and the identifier you want erased (visitor ID, identified user ID, or the email passed into the tracker). The Zenovay team verifies the request against your account and carries out the erasure, then confirms back to you.
Bulk deletion
For bulk erasure requests covering several people, send the full list to [email protected]. There is no self-serve bulk deletion tool in the dashboard today.
Timeline Requirements
GDPR Deadlines
| Action | Deadline |
|---|---|
| Acknowledge request | Promptly (within 3 days recommended) |
| Complete deletion | Within 30 days |
| Extension if needed | +60 days (must notify) |
Request Tracking
```javascript
// Track deletion requests
const deletionRequest = {
  id: generateId(),
  requester_email: '[email protected]',
  user_id: 'user_123',
  received_at: new Date(),
  acknowledged_at: null,
  completed_at: null,
  status: 'pending'
};

// Update on acknowledgment
deletionRequest.acknowledged_at = new Date();
deletionRequest.status = 'acknowledged';

// Update on completion
deletionRequest.completed_at = new Date();
deletionRequest.status = 'completed';
```
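To turn the deadline table and the tracking record above into something you can alert on, the following added example (not part of Zenovay's product or API) computes the due dates for a request and flags overdue steps. The `extension_notified_at` field, the 7-day warning window, and the rule that an extension only counts if the requester was notified before the original 30-day deadline are assumptions of this sketch.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
const ACK_DAYS = 3;        // "within 3 days recommended"
const COMPLETE_DAYS = 30;  // "within 30 days"
const EXTENSION_DAYS = 60; // "+60 days (must notify)"
const WARN_DAYS = 7;       // assumption: warn one week before the deadline

function addDays(date, days) {
  return new Date(date.getTime() + days * DAY_MS);
}

// request uses the fields of the tracking object above, plus the hypothetical
// extension_notified_at (Date or null) recording when the requester was told
// about an extension.
function deadlineStatus(request, now = new Date()) {
  const ackDue = addDays(request.received_at, ACK_DAYS);
  const originalDue = addDays(request.received_at, COMPLETE_DAYS);
  // An extension that was never communicated, or communicated late, does not move the deadline.
  const extended = Boolean(request.extension_notified_at) &&
    request.extension_notified_at <= originalDue;
  const completeDue = extended ? addDays(originalDue, EXTENSION_DAYS) : originalDue;

  const alerts = [];
  if (!request.acknowledged_at && now > ackDue) alerts.push('ack_overdue');
  if (!request.completed_at) {
    if (now > completeDue) alerts.push('completion_overdue');
    else if (completeDue - now <= WARN_DAYS * DAY_MS) alerts.push('completion_due_soon');
  }
  return { ackDue, completeDue, extended, alerts };
}
```

Run it over every open request in a daily job and route any non-empty `alerts` array to whoever owns the privacy queue.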
Handling Edge Cases
User Has Multiple Identifiers
```javascript
// Find all linked identifiers
// (findUser, deleteVisitorData and deleteUserData are helpers for your own data stores)
const user = await findUser(email);
const allIdentifiers = {
  user_id: user.id,
  visitor_ids: user.visitor_ids,
  emails: user.emails,
  device_ids: user.device_ids
};

// Delete all associated data
for (const visitorId of allIdentifiers.visitor_ids) {
  await deleteVisitorData(visitorId);
}
await deleteUserData(user.id);
```
Anonymous Visitor Requests
If the visitor isn't identified:
- Request any identifying information they have
- Check if they can provide:
  - Cookie value
  - Device fingerprint
  - Time of specific visits
- If you can't identify them, explain that the data is already anonymous
Third-Party Data
If data was shared with third parties:
- Identify third parties
- Forward deletion request
- Confirm third-party deletion
- Document the chain
Exceptions to Deletion
When You Can Refuse
GDPR allows refusal when:
- Data needed for legal claims
- Legal obligation to retain
- Public interest reasons
- Exercising right of freedom of expression
How to Refuse
```
Dear [Requester],

We have received your data deletion request dated [date].

Unfortunately, we are unable to fulfill this request because:

[ ] We need to retain this data for ongoing legal proceedings
[ ] We have a legal obligation to retain this data
[ ] The request is manifestly unfounded or excessive

If you disagree with this decision, you have the right to
lodge a complaint with your supervisory authority.

Sincerely,
[Your Company]
```
Automation
Intake endpoint for deletion requests
Zenovay does not emit a deletion-request webhook. If you collect erasure requests through your own form or help desk, wire them into an intake endpoint on your side so each one is logged and ticketed automatically:
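```javascript
// Set up your own intake endpoint
// (logDeletionRequest, createDeletionTicket and addDays are your own helpers)
app.post('/privacy/deletion-intake', async (req, res) => {
  const { user_id, email, request_id } = req.body;

  // Reject submissions that carry nothing to identify the data subject
  if (!email && !user_id) {
    return res.status(400).json({ error: 'email or user_id is required' });
  }

  // Log the request
  await logDeletionRequest({
    request_id,
    user_id,
    email,
    received_at: new Date()
  });

  // Trigger internal workflow
  await createDeletionTicket({
    user_id,
    email,
    deadline: addDays(new Date(), 30)
  });

  res.status(200).json({ received: true });
});
```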
Scheduled Cleanup
Automate deletion for inactive users:
```javascript
// Run daily
async function cleanupInactiveUsers() {
  const inactiveUsers = await findUsersInactiveFor(365); // 1 year

  for (const user of inactiveUsers) {
    await sendNotification(user.email,
      'We will delete your data in 30 days unless you log in');

    await scheduleForDeletion(user.id, 30); // days
  }
}
```
Documentation
Maintain Records
Keep records of:
| Record | Retention |
|---|---|
| Deletion request | 3 years |
| Verification evidence | 3 years |
| Completion confirmation | 3 years |
| Refusal reason | 3 years |
Deletion Certificate
Provide proof of deletion:
```
CERTIFICATE OF DATA DELETION

Request ID: del_abc123
Date Received: 2025-01-15
Date Completed: 2025-01-20
Requester: [email protected]

Data Deleted:
- 1,234 page view records
- 567 event records
- 89 session recordings
- 1 user profile

Deletion confirmed by: [System/Administrator]
Timestamp: 2025-01-20T15:30:00Z

This certificate confirms that the above data has been
permanently deleted from our systems and cannot be recovered.
```
Best Practices
Response Templates
Prepare templates for:
- Acknowledgment email
- Verification request
- Completion confirmation
- Refusal (with reasons)
Staff Training
Train your team on:
- Recognizing deletion requests
- Verification procedures
- Timeline requirements
- Escalation process
Regular Audits
Periodically review:
- Request handling times
- Completion rates
- Common issues
- Process improvements