Book a Demo
Compliance Infrastructure

User Anonymization

Talkable's full-stack anonymization system handles CCPA, GDPR, and Facebook data deletion requests, automatically erasing personal data while keeping aggregate analytics intact.

CCPA
GDPR
Facebook Platform Policy
Four entry points
|
Same anonymization engine
|
Idempotent processing

Overview

What it does

When a customer requests deletion of their personal data, Talkable's anonymization engine processes the request across every data type it holds, replacing all identifying fields with opaque placeholders while keeping aggregate records intact.

Anonymized email format

before: customer@example.com
after:   {random-uuid}@anonymized.email

The process is idempotent. Before processing, the system checks for an existing @anonymized.email address and skips if already done.

CCPA compliance

California Consumer Privacy Act requires honoring deletion requests within 45 days. Talkable handles the full lifecycle automatically.

GDPR compliance

Right to erasure under GDPR. Clients in EU markets can route deletion requests through the API or Customer Service Portal.

Facebook Platform Policy

When a Facebook user disconnects your app, Facebook sends a signed deletion webhook. Talkable processes it automatically.

Data Handling

What gets anonymized

Every data type Talkable holds is processed through the same engine. Here's what changes, and what stays.

Person
email UUID@anonymized.email
phone null
first_name deleted
last_name deleted
customer_id deleted
custom_properties deleted
social usernames deleted
Origins (Purchases, Signups)
ip_address null
order_number random UUID
Email Capture Offers
ip_address null
order_number random UUID
Shipping Attributes
all custom attributes deleted
Visitors
uuid new random UUID
Loyalty Members
uuid new random UUID
all origins anonymized

What's preserved

Purchase records and referral records remain in place
Events are retained but untraceable to any individual
Aggregate metrics continue to work accurately
Historical referral relationships preserved as statistical data

Idempotent processing

Before processing, the engine checks whether the email already ends in @anonymized.email. If so, it exits cleanly without re-processing. This means running the same deletion request twice produces no side effects.

Entry Points

Four ways to trigger deletion

Every path routes into the same anonymization engine. The outcome is identical regardless of how the request arrives.

01

CCPA Self-Service Form

Customers fill out the public form at talkable.com/data_removals/new. The same form can be embedded as an iframe on a client's own privacy page.

talkable.com/data_removals/new
Request flow
pending waiting_confirmation confirmed anonymized
not_found failed

User fills form, receives confirmation email, clicks to confirm, async anonymization runs, completion email sent.

02

Customer Service Portal

Client support staff can trigger anonymization directly from within the Talkable admin. Navigate to Admin, then Customer Service, look up the person, and select Anonymize.

Admin › Customer Service › [Person] › Anonymize
Required roles: write csp

Client is notified when a CSP-triggered anonymization completes, creating an audit trail on their end.

03

Public API v2

Clients with their own CCPA or GDPR request handling can call the anonymization endpoint programmatically, integrating it into their existing deletion workflows.

POST /api/v2/people/:person_slug/anonymize

No email confirmation step. The API call triggers the anonymization engine directly. Responds with the updated person record.

04

Facebook Data Deletion Webhook

When a Facebook user removes your app from their account, Facebook sends a signed deletion request. Talkable handles this automatically at the platform level.

POST /hooks/facebook_data_deletion_requests

Signed with HMAC-SHA256 for verification. Automatic processing, no manual action required from client or Talkable team.

CCPA Self-Service

Request lifecycle

From form submission to final confirmation, the process runs asynchronously with email checkpoints at each key stage.

1
Customer fills form

Submits email at talkable.com/data_removals/new. System checks whether account exists.

pending not_found
2
Confirmation email sent

If account found, a confirmation email goes to the address. Status moves to waiting_confirmation.

waiting_confirmation
3
Customer confirms

Customer clicks the confirmation link in the email. Status updates to confirmed and async processing begins.

confirmed
4
Anonymization runs

Engine processes all data types asynchronously. Fails are retryable; successful runs are permanent.

anonymized failed
5
Completion email sent

Customer receives final confirmation. Record is now fully anonymized and untraceable.

Client Value

What this means for clients

Compliance handled

Clients don't need to build deletion infrastructure. Talkable handles CCPA, GDPR, and Facebook requirements natively.

Analytics stay intact

Aggregate metrics, referral counts, and revenue attribution remain accurate. Only the personally identifiable fields are erased.

Audit trails

Merchant notification on CSP-triggered anonymizations creates a documented record for regulatory audit purposes.