Privacy requests

In order to comply with privacy laws affecting the management of a contact's data, Simon Data offers a tool to easily forward requests to delete data for a contact. The introduction of regulations such as General Data Protection Regulation (GDPR) create the need for businesses to have systems that are privacy by design and privacy by default. As a data processor, Simon Data makes it simple to comply with the requests of data subjects.

Request Type

How to Submit a Request

❗️

Don't Delete Identity Table Records Before Submitting Privacy Requests

To ensure your privacy requests are processed accurately, do not delete customer records from your identity table before submitting a privacy request.

Why? Because the identity table acts as the central hub for resolving identifiers. If a customer record is removed before a privacy request is submitted, we can no longer map that customer to their data across other tables — especially tables that do not use your stable identifier as their primary key.

Example:

Say your identity table links email, user_id, and phone_number. If that record is deleted before a request is submitted:

  • We can’t look up phone_number based on the stable user_id.
  • Any data tied to phone_number in other tables becomes orphaned and cannot be deleted, meaning your privacy request can only be partially honored.

✅ Best Practice Submit privacy requests before deleting records from your identity table.

Once a request is processed and the associated data has been purged from Simon, you’re free to clean up those records if you'd like.

🔍 Why This Matters Tables not keyed by your stable identifier (like event or interaction logs) rely on joining identifiers (like phone_number, email, etc.) to locate data. When the identity table record is missing, those joins fail, and we can’t find the data to delete.

  1. From the left navigation, expand Admin Center then click Privacy Requests.
  2. Click Create Privacy Request in the upper right-hand corner.
  1. Select the Delete contact action.
  2. For the contact you wish to delete, enter their stable identifier. To delete multiple contacts, enter the identifiers as comma separated values (e.g. [email protected],[email protected]).
📘

Notes on stable identifiers:

  • If you're not sure what your organization's stable identifier is, ask your account manager.
  • In order to be processed, identifier values included in the “List of Identifier Values” must be formatted to match the identifier values stored in your organization's Identity Input Table.
    • For example, if phone numbers are stored as +1(123)456-789 in the Identity Input Table, they must be entered that way on the Privacy Request form and cannot be +1 123-456-789, 1(123)456-789, etc.
  1. Once you've entered your list of stable identifiers to delete, click Submit to submit the Privacy Request. This will take you to a confirmation form where you will be asked to confirm the request by typing the word Delete. After confirming the request, you will see confirmation that the request was successfully submitted. Note: this action cannot be undone or cancelled.

Monitoring a Request

You can monitor the status of your request by returning to the Privacy Requests page. One of the following statuses will be displayed for each request:

  • Requested: the request has been received
  • In progress: the request is being processed
  • Completed: the action you requested has been completed
  • Expired: the TTL (time-to-live) on the request has expired. See Privacy Request Expirations below.

Additionally, the submitting user will receive an email notification when your request is complete.

Privacy Request Expirations

Configure how long submitted privacy requests remain active before expiring, which then allows contacts to re-enter your Simon instance after a certain amount of time. TTL (time-to-live) is the number of days after which privacy requests expire and previously denylisted contacts are able to re-enter your Simon instance if they re-engage with your brand (e.g. sign up again for marketing emails, make a purchase, etc.).

  1. Click on Admin Center in the left-hand nav.
  2. Click Settings, then click Privacy Request Expiration.
  3. Choose a TTL between 30 and 365 days.
  4. Click Save.
ℹ️

NOTE: Privacy request expirations will only apply if the checkbox to add a default TTL to all privacy requests is checked. If this box is not checked, there will be no TTL and all contacts who have been submitted in a privacy request will never be able to re-enter Simon, even if they re-engage with your brand.

❗️

NOTE:

If you have a Connected account, have a default TTL on Simon privacy requests, and you do not manage privacy requests upstream of Simon, when the TTL expires on your privacy requests, contacts who were previously denylisted will immediately re-enter Simon. If you want to ensure that contacts re-enter Simon if and only if they've re-engaged with your brand (e.g. opted into marketing messages, made a purchase, etc.), be sure to manage privacy requests in your owned tables upstream of Simon.