GDPR Readiness

Moesif was designed from the ground up with privacy and security in mind. The Moesif platform already attributes API calls to individual user_id’s which makes managing GDPR subject access requests such right to access and right to erasure a breeze for our customers.

Right to erasure

Moesif supports the right to erasure for any user data previously stored in Moesif through a permanent deletion of that user data. In the spirit of automation, this can be done easily with our DELETE /search/users/:id endpoint after obtaining a Management API token in Moesif.

curl -X DELETE{orgId}/users/{id} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Right to access

Any data logged in Moesif for a specific user and associated API events made by the user can be obtained through our Management API or exported within the Moesif portal.

Get a user profile

curl -X POST{orgId}/users/{userId} \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Get a user’s API events

curl -X POST{orgId}/search/events?app_id={appId}&from=-8w&to=now \
  -d '{"query":{"term":{"user_id":"{END USER ID}"}}}'
  -H 'Authorization: Bearer YOUR_MANAGEMENT_APITOKEN'

Opt-out users

Deleting data from Moesif will remove it permanently, but it will not prevent the data from being collected moving forward.

To aid you in preventing future data on specific users from being collected by, you cam configure our client SDKs to opt-out specific users.

Any user can be skipped from being sent to Moesif in the Moesif SDK before it even leaves your datacenter. If you don’t want a full opt-out, you can also scrub any sensitive fields such as health related information before leaving your datacenter.

options.maskContent = function(event) {
  // remove any field that you don't want to be sent to Moesif.
  event.request.headers['X-Tracking-Metadata'] = undefined;
  return event;

To learn more about our user privacy features, please contact us at


Leave a comment