GDPR and CCPA Compliance

Moesif was designed from the ground up with privacy and security in mind and is aligned with the policies and practices of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Please contact your account manager or privacy@moesif.com for any questions.

The Moesif service, as a Data Processor, collects and stores a minimal amount of information as instructed by our customers, the Data Controller.

Moesif does not sell any contact data collected on behalf of our customers or market Moesif services to our customer’s end-users.

Because Moesif already attributes API calls to individual user_id’s, Moesif makes managing GDPR subject access requests such right to access and right to erasure a breeze for our customers.

Right to erasure

Moesif supports the right to erasure for any user data previously stored in Moesif through a permanent deletion of that user data. In the spirit of automation, this can be done easily with our DELETE /search/users/:id endpoint after obtaining a Management API token in Moesif.

curl -X DELETE https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Right to access

Any data logged in Moesif for a specific user and associated API events made by the user can be obtained through our Management API or exported within the Moesif portal.

Get a user profile

curl -X POST https://api.moesif.com/v1/search/{orgId}/users/{user_id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Get a user’s API events

curl -X POST https://api.moesif.com/v1/search/{orgId}/search/events?app_id={appId}&from=-8w&to=now \
  -d '{"query":{"term":{"user_id":"{END USER ID}"}}}'
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Opt-out users

Deleting data from Moesif will remove it permanently, but it will not prevent the data from being collected again moving forward.

To aid you in supporting Right to Object and prevent future data collection on specific users, you can configure our SDKs to opt-out specific users.

Any user can be skipped from being sent to Moesif in the Moesif SDK before it even leaves your datacenter. If you don’t want a full opt-out, you can also scrub specific fields with sensitive data such as health related information before leaving your datacenter.

options.maskContent = function(event) {
  // remove any field that you don't want to be sent to Moesif.
  event.request.headers['X-Tracking-Metadata'] = undefined;
  return event;
}

To learn more about our user privacy features, please contact us at privacy@moesif.com.

Updated:

Leave a comment