Everyone has the right to have their personal data erased, and UMAP360 is built to honour that. Whether you're acting on a customer's request or removing your own data, here's what deletion means, how to start it, and what stays behind for legal reasons.
UMAP360 supports the right to erasure under the GDPR (EU/EEA) and India's DPDP Act, alongside other major privacy regulations.
Deleting a single customer
If a customer asks you to erase their data, you can delete their profile directly from your customer records. Deleting a profile permanently removes that person's events, identity signals, and sessions.
This can't be undone
Deleting an individual customer profile is permanent. Once removed, their behavioural history, identity links, and session data are gone and cannot be recovered. Make sure you have the right profile before you confirm.
You can find and open any profile from your customer list — see Browsing profiles for how to locate the right person.
Deleting an account or making a formal request
For a full account closure, a broader erasure request, or a request that needs to be logged for compliance, use the public data deletion request page. It's open to anyone — dashboard users, the people behind your tracked data, and users coming from Meta or Google.
You submit a short form, and you'll receive a confirmation code so you can track the request. We respond within the timelines required by law:
| Regulation | Where | Response window |
|---|---|---|
| DPDP Act | India | 30 days |
| GDPR | EU/EEA | 1 month |
| CCPA/CPRA | California | 45 days |
You can also reach out to our team directly if you'd rather not use the form — see Contact support.
What "deleted" actually means
For account-level and formal requests, your data is made inaccessible immediately, then permanently purged within 90 days. This grace period protects you against accidental requests and gives our systems and providers time to finish removing your data everywhere.
Why a grace window?
"Putting data beyond use" right away — and purging it for good shortly after — is a recognised, regulator-accepted way to meet erasure requirements. Your data is unreachable from the moment the request is processed.
What we keep, and why
A few categories are retained even after a deletion request, because the law requires it:
- Billing and financial records — kept to meet tax and accounting obligations.
- Records needed for legal compliance — held where we're legally required to do so.
- Anonymised data — information that can no longer identify anyone.
- Backups and audit logs — rotated and removed on their own schedule, and used only to prove a request was handled correctly.
These exceptions are standard under both the GDPR and the DPDP Act, and they're spelled out on the data deletion page.
Requests from Meta and Google
UMAP360 also honours erasure requests that come through Meta and Google. If someone removes UMAP360 from their Facebook/Meta account, or revokes access on Google, we act on that signal automatically — soft-deleting the relevant connected data and giving the user a way to check the status of their request. You don't need to do anything for these to be processed.
Next steps
- Privacy & Trust overview — how we approach privacy across the platform
- How your data is stored — where data lives and how it's protected
- Consent management — capturing and respecting consent
- Request data deletion — the public erasure request form
- Our privacy policy — the full legal detail
Last updated 2026-06-11