GDPR and CCPA Compliance

Moesif was designed from the ground up with security and privacy in mind and is aligned with the policies and practices of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Please contact your account manager or privacy@moesif.com with any questions.

Moesif does not sell any contact data collected on behalf of our customers or market Moesif services to our customers’ end-users.

Because Moesif already attributes API calls to individual user_ids, Moesif makes managing GDPR subject access requests, such as right to access and right to erasure, a breeze for our customers.

Right to Erasure

Moesif supports the right to erasure for any user data previously stored in Moesif through a permanent deletion of that user data.

Via UI

In the UI, you can delete user and company data by going to any user or company profile, clicking More Actions on the top right of the page, and selecting Right to Erasure.

Delete a user's data for GDPR

Via API

In the spirit of automation, this can be done easily with our DELETE /search/users/:id endpoint after obtaining a Management API token in Moesif.

curl -X DELETE https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Right to Access

Any data logged in Moesif for a specific user and associated API calls made by the user can be obtained through our Management API or exported within the Moesif portal.

Via UI

In the Moesif UI, you can get a user’s events by going to Live API Log, adding a filter for a particular user or company id, and selecting Export. You’ll be prompted for an email address to which a link to the exported data will be sent.

Via API

Get a user profile:

curl -X POST https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Get a user’s API activity:

curl -X POST 'https://api.moesif.com/v1/search/{orgId}/search/events?app_id={appId}&from=-52w&to=now' \
  -d '{"query":{"term":{"user_id":"{END USER ID}"}}}' \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Right to Object

Deleting a user’s events from Moesif will remove historical data, but it will not prevent new data from being collected moving forward.

Via UI

For enterprise customers, Moesif supports Right to Object with our one-click suppression feature.

To stop collecting data for a user or company, go to Users or Companies, select the person’s profile, and click Edit Sample Rate. Set the sample rate to 0%.

Via API

Moesif enterprise customers also have an API to programmatically change the sample rate for any user or company. Contact your account executive for documentation.

Self-serve plans do not have the one-click suppression feature, but you can still implement your own logic that skips collection for certain users via the SDK’s skip hook.
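One way to structure that skip logic, shown as an added example rather than Moesif's own code. It assumes the hook is called as skip(req, res) and returns true when a call must not be logged; the registry, the identify callback, req.user, and the sample ids are hypothetical.

```javascript
// Added example, not Moesif code. Assumes a skip hook called as skip(req, res)
// that returns true when the API call must not be logged.

// Compare ids as strings so 42 and "42" refer to the same data subject.
function normalizeId(id) {
  return id === undefined || id === null ? '' : String(id);
}

// In-memory record of users and companies that have objected to collection.
// In production this would be backed by your own datastore (assumption).
function createObjectionRegistry(userIds = [], companyIds = []) {
  const users = new Set(userIds.map(normalizeId).filter(Boolean));
  const companies = new Set(companyIds.map(normalizeId).filter(Boolean));
  return {
    objectUser(id) { if (normalizeId(id)) users.add(normalizeId(id)); },
    withdrawUser(id) { users.delete(normalizeId(id)); },
    objectCompany(id) { if (normalizeId(id)) companies.add(normalizeId(id)); },
    hasObjected(userId, companyId) {
      return users.has(normalizeId(userId)) || companies.has(normalizeId(companyId));
    },
  };
}

// identify(req) is a hypothetical callback returning { userId, companyId }.
function makeSkipHook(registry, identify) {
  return function skip(req, res) {
    let ids;
    try {
      ids = identify(req) || {};
    } catch (err) {
      // Design choice: if identity cannot be resolved, skip rather than risk
      // logging a data subject who has objected.
      return true;
    }
    return registry.hasObjected(ids.userId, ids.companyId);
  };
}

// Constructed sample ids; req.user is a hypothetical field set by your auth layer.
const registry = createObjectionRegistry(['user-1001'], ['acme-eu']);
const options = {};
options.skip = makeSkipHook(registry, (req) => ({
  userId: req.user && req.user.id,
  companyId: req.user && req.user.companyId,
}));
```

Requests with no identified user are still logged, since there is no data subject to attribute them to; only calls from ids in the registry are skipped.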

Data Scrubbing

You can also use the SDK’s maskContent function to scrub specific fields containing sensitive data, such as health or financial information, before the data leaves your data center.

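options.maskContent = function(event) {
  // Modify or remove any API call property that you don't want to be sent to Moesif.
  if (event.request.headers) {
    event.request.headers['X-Tracking-Metadata'] = undefined;
  }
  // The body may be absent (for example on GET requests) or not a parsed object.
  if (event.request.body && typeof event.request.body === 'object') {
    event.request.body.password = undefined;
  }
  return event;
};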

To learn more about our user privacy features, please contact us at privacy@moesif.com.
