The Compliance API covers multiple frameworks, including GDPR, CCPA, and LGPD. For GDPR, CCPA, and LGPD deletion requests, all identifiers associated with the same user as the requested identifier are added to our redaction pool. The customer record for that user is redacted and the redaction pool is used to remove identifying information from all new events and object updates. No past or future events are deleted or lost, and they remain associated with the redacted profile.
For CCPA opt-out requests (opting out of the sale of data), any profile associated with the requested identifier is flagged with a CCPA Opted-Out attribute which is acted upon in marketing situations or which can be accessed as part of a qualification (segment) or profile search.