GDPR data export and deletion

When a customer asks for their data or asks to be forgotten, here is what SellStein gives you to comply in minutes, not days.

Last updated 2026-05-10

Under GDPR (EU) and similar laws (CCPA, LGPD, PIPEDA), customers can ask for a copy of all their data or for it to be deleted. SellStein automates both.

Customer asks for their data

Settings → Customers → click the customer → Privacy → Export data. Generates a ZIP with:

  • profile.json (name, email, phone, addresses, preferences)
  • orders.json (full order history with line items)
  • carts.json (saved + abandoned)
  • support.json (ticket history)
  • consent.json (marketing opt-ins, cookie preferences, timestamps)
  • communications.json (emails sent, opens, clicks)

The ZIP is encrypted with a one-time password that we email to the customer's verified address. You hand them the ZIP; the password arrives separately. Compliant with GDPR Article 15 and CCPA's "right to know".

Time from request to delivery: under 5 minutes.

Customer asks to be deleted

Settings → Customers → customer → Privacy → Delete (GDPR anonymise). This is NOT a hard delete. That would orphan their orders and break your books. Instead:

  • Profile fields (name, email, phone, addresses) are replaced with "GDPR Anonymised User #abc123"
  • Marketing consent is revoked
  • Linked subscriptions are cancelled
  • Tickets and reviews are anonymised the same way
  • Carts (active and abandoned) are deleted

Order history (line items, totals, dates) is retained because accounting and tax law require it (typically for 7-10 years). The customer is no longer identifiable from the retained data, which is the legal requirement.

Time: ~30 seconds.
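As an added worked example (not SellStein's own code), here is the anonymise-rather-than-delete procedure above applied to a small constructed in-memory store, with the export step for comparison and a final check that none of the original identifiers survive anywhere, audit log included. The store layout, the customer "c42", and the function names are all hypothetical; the steps follow the list above.

```python
"""Added worked example (not SellStein code): export, then anonymise, one customer
in a small in-memory store, following the steps the article lists."""
import copy
import json
import secrets
from datetime import datetime, timezone

# Constructed sample data for one hypothetical customer "c42".
STORE = {
    "customers": {
        "c42": {"name": "Ada Example", "email": "ada@example.com",
                "phone": "+44 7700 900123",
                "addresses": [{"line1": "1 Sample St", "city": "Bristol"}],
                "preferences": {"currency": "GBP"}},
    },
    "orders": [{"id": "o1", "customer_id": "c42", "date": "2025-11-02",
                "lines": [{"sku": "MUG-01", "qty": 2, "unit": 9.50}], "total": 19.00}],
    "carts": [{"id": "k1", "customer_id": "c42", "status": "abandoned", "lines": []}],
    "subscriptions": [{"id": "s1", "customer_id": "c42", "status": "active"}],
    "tickets": [{"id": "t1", "customer_id": "c42", "author": "Ada Example",
                 "body": "Where is my mug?"}],
    "reviews": [{"id": "r1", "customer_id": "c42", "author": "Ada Example", "text": "Great mug"}],
    "consent": [{"customer_id": "c42", "marketing": True, "cookies": "all",
                 "ts": "2025-10-01T10:00:00Z"}],
    "communications": [{"customer_id": "c42", "type": "email", "subject": "Welcome",
                        "opened": True, "clicked": False}],
    "audit": [],
}


def fresh_store():
    """Deep copy of the sample data so each run starts from a clean state."""
    return copy.deepcopy(STORE)


def _rows(store, table, customer_id):
    return [r for r in store[table] if r["customer_id"] == customer_id]


def _audit(store, request, actor, customer_id, outcome):
    # Audit entries carry the customer id, never the identifying fields themselves.
    store["audit"].append({"ts": datetime.now(timezone.utc).isoformat(), "request": request,
                           "actor": actor, "customer": customer_id, "outcome": outcome})


def export_customer(store, customer_id, actor="support-agent"):
    """Build the file-name -> JSON-text map that the export ZIP would contain (Article 15)."""
    files = {
        "profile.json": store["customers"][customer_id],
        "orders.json": _rows(store, "orders", customer_id),
        "carts.json": _rows(store, "carts", customer_id),
        "support.json": _rows(store, "tickets", customer_id),
        "consent.json": _rows(store, "consent", customer_id),
        "communications.json": _rows(store, "communications", customer_id),
    }
    _audit(store, "export", actor, customer_id, "delivered")
    return {name: json.dumps(data, indent=2, sort_keys=True) for name, data in files.items()}


def anonymise_customer(store, customer_id, actor="support-agent"):
    """Article 17 handling: remove identity, keep the order ledger. Returns the placeholder."""
    placeholder = f"GDPR Anonymised User #{secrets.token_hex(3)}"  # six hex chars, e.g. #a1b2c3
    now = datetime.now(timezone.utc).isoformat()
    profile = store["customers"][customer_id]
    for field in ("name", "email", "phone"):                # identifying fields replaced
        profile[field] = placeholder
    profile["addresses"] = []            # assumption: list-valued fields are cleared, not replaced
    profile.pop("preferences", None)
    for c in _rows(store, "consent", customer_id):          # marketing consent revoked
        c["marketing"] = False
        c["revoked_ts"] = now
    for s in _rows(store, "subscriptions", customer_id):    # linked subscriptions cancelled
        s["status"] = "cancelled"
    for row in _rows(store, "tickets", customer_id) + _rows(store, "reviews", customer_id):
        row["author"] = placeholder                         # tickets and reviews anonymised the same way
    store["carts"] = [k for k in store["carts"] if k["customer_id"] != customer_id]  # carts deleted
    # Orders are deliberately untouched: line items, totals and dates stay for tax/accounting.
    _audit(store, "anonymise", actor, customer_id, "anonymised")
    return placeholder


def leaks_pii(store, *values):
    """True if any of the given identifying strings still appears anywhere in the store."""
    blob = json.dumps(store)
    return any(v in blob for v in values)


if __name__ == "__main__":
    s = fresh_store()
    pii = ("Ada Example", "ada@example.com", "+44 7700 900123")
    print(sorted(export_customer(s, "c42")))
    print(anonymise_customer(s, "c42"))
    print("orders kept:", len(s["orders"]), "pii leaked:", leaks_pii(s, *pii))
```

The `leaks_pii` check is the part worth keeping in a real pipeline: it serialises the whole store, including the audit log, and searches for the original name, email and phone, so a field the anonymiser forgot (a new table, a denormalised copy on a ticket) shows up as a failed check rather than as a later complaint.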

Bulk export / delete

Settings → Privacy → Bulk request. Upload a CSV of email addresses and the requests are processed as a batch. Useful when a regulator asks for proof that you're handling a wave of requests, or when you've decided to retire an old database.

What we delete vs anonymise

  • Profile, marketing, consent → fully deleted
  • Orders, payments, taxes → anonymised (retained for legal compliance)
  • Server logs → already redacted (we mask IPs and emails on entry; see CLAUDE.md data-protection notes)
  • Backups → automatically purged on the same retention schedule (7-day rolling)

Cookie consent

Storefront → Settings → Cookie banner. We ship a compliant banner with allow/reject/customise. Geo-targeted (only shows in EU/UK/CA by default). Logs every consent event with a timestamp for audit.

If you embed third-party scripts (Google Analytics, Meta Pixel), tag each one with a consent category under Settings → Cookie banner → Categories. Tagged scripts only fire after the customer has consented to that category.

Audit trail

Every export and delete is logged. Settings → Privacy → Audit log shows the request, the actor (you or an automated rule), the customer, and the outcome. Retained 3 years for regulator inspection.

What customers cannot ask for

  • Other customers' data
  • Aggregated anonymous analytics that reference them statistically
  • Anything related to legal disputes or fraud investigations involving them (legitimate-interest exemption)

Still need help?

Real humans, real answers. We respond fast and we never use chatbots as the front line.

Email Support