Privacy & erasure (GDPR)

This page is for the Firm Admin (role merchant_admin). It describes the GDPR erasure (“right to be forgotten”) on the Privacy page (/privacy).

Where this lives

The erasure function lives on the Privacy page at /privacy, not in a separate admin area.

Who can trigger erasure

Erasure is restricted to privileged roles:

• merchant_admin (Firm Admin),
• compliance_officer (internal KS compliance),
• super_admin (internal KS administration).

A reviewer (staff) cannot trigger erasure.

What is erased

Erasure targets the data of an end customer (shopper), identified by their email address. It removes that end customer’s personal data from the client’s imported records.

End customer, not a team member

This erasure concerns the shop’s end customer / shopper — not a firm team member. To revoke a team member’s access, use Suspend under Manage team.

How to trigger erasure

1. Open the Privacy page (/privacy).
2. Choose Erase customer email.
3. Enter the affected end customer’s email address.
4. Confirm. The erasure runs and is recorded in the audit trail.

Logging

Every erasure is recorded in the audit trail — with the triggering person and timestamp. This keeps it traceable, for an audit, who triggered which erasure and when.

Next step

Background on immutability and the log: GoBD & period close and Audit trail.