GDPR and CCPA Compliance

Moesif was designed from the ground up with security and privacy in mind and is aligned with the policies and practices of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Please contact your account manager or privacy@moesif.com for any questions.

Moesif does not sell any contact data collected on behalf of our customers or market Moesif services to our customer’s end-users.

Because Moesif already attributes API calls to individual user_id’s, Moesif makes managing GDPR subject access requests such right to access and right to erasure a breeze for our customers.

Right to erasure

Moesif supports the right to erasure for any user data previously stored in Moesif through a permanent deletion of that user data. In the spirit of automation, this can be done easily with our DELETE /search/users/:id endpoint after obtaining a Management API token in Moesif.

curl -X DELETE https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Right to access

Any data logged in Moesif for a specific user and associated API events made by the user can be obtained through our Management API or exported within the Moesif portal.

Get a user profile

curl -X POST https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Get a user’s API events

curl -X POST https://api.moesif.com/v1/search/{orgId}/search/events?app_id={appId}&from=-8w&to=now \
  -d '{"query":{"term":{"user_id":"{END USER ID}"}}}'
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Opt-out users

Deleting data from Moesif will remove it permanently, but it will not prevent the data from being collected again moving forward.

To aid you in supporting Right to Object, you can use our one-click suppression features to prevent ongoing data collection for that user or company.

For enterprise customers, this can be done right in the Moesif web portal by going to user lookup or company lookup and filtering for the users/companies you want to suppress. Select the items and change the sampling rate to 0%. You can also use the API to progamtically change the sampling rate for those users.

Moesif self serve plans do not have the intelligent sampling features, but you can still support GDPR by overriding the SDK’s skip function.

Data scrubbing

You can also used the SDK’s maskcontent function to scrub specific fields with sensitive data such as health or financial related information before leaving your datacenter.

options.maskContent = function(event) {
  // remove any field that you don't want to be sent to Moesif.
  event.request.headers['X-Tracking-Metadata'] = undefined;
  return event;
}

To learn more about our user privacy features, please contact us at privacy@moesif.com.

Updated: