Personally Identifiable Information Removal

Modified on Tue, 06 Feb 2024 at 12:34 PM

TABLE OF CONTENTS

Overview
Removing PII

Overview

In the course of your business, you may need to comply with CCPA and GDPR regulations. ACME is here to help with right to be forgotten requests with our Personally Identifiable Information (PII) removal API.

For more information on such regulations, please refer to CCPA (https://oag.ca.gov/privacy/ccpa) or Article 17 of GDPR (https://gdpr-info.eu/art-17-gdpr/).

This API call complies with these by removing:

First Name

Last Name

Email

Phone number

From ACME transactions tables.

Because both of these calls require you to provide the PaymentKey they need to be made to ACME from your backend (as the PaymentKey is secret and needs to be protected).

Removing PII

To remove the PII associated with a transaction, simply make a call with referencing MID, previously assigned externalId and TransactionId. Success will remove those fields from ACME's systems and any subsequent transaction GET calls will also return scrubbed data.

The flag dryRun can be used to test a call for successful response before execution.

curl -X PUT https://api.acmeticketing.com/v1/payment/{mid}/gdpr -H 'Content-Type: application/json' -H 'x-acme-payment-key: {api_key}' -d '{
"id" : "sale_xxxx-xxxx-xxxx",
"dryRun" : true
} }'