Erase a profile (GDPR)

Permanently removes a profile and all events tied to it. The operation is irreversible and audited.

Requires a server key (gflux_secret_*).

POST /v1/profiles/user_42/erase HTTP/1.1
Host: api.getfluxly.com
Authorization: Bearer gflux_secret_abcdef1234
Content-Type: application/json

{
  "reason": "gdpr_dsr",
  "request_id": "dsr_2026_05_16_001"
}

Request body

| Field | Type | Required | Notes | | --- | --- | --- | --- | | reason | string | yes | One of gdpr_dsr, ccpa_dsr, customer_request, internal | | request_id | string | no | Your DSR ticket ID, echoed in audit logs |

The \{id\} in the path can be a user_id, external_id, or anonymous_id. If multiple profiles share that ID through stitching, all of them are erased.

Response, 202 Accepted

{
  "erasure_id": "era_b3a8c2d1e",
  "profiles_targeted": 1,
  "events_targeted": 482,
  "completes_by": "2026-05-23T07:00:00Z"
}

The erasure runs asynchronously through the safeguard worker. GDPR's "without undue delay" is interpreted as within 7 days; the response gives the actual SLA timestamp.

After erasure

• Subsequent events with the erased IDs create new profiles. The chain is severed.
• The erasure entry stays in the audit log forever, including the operator who triggered it.
• Aggregated counts in dashboards that included the erased profile are reduced; pre-aggregated reports older than 90 days are not retroactively adjusted.

Errors

| HTTP | error | When | | --- | --- | --- | | 400 | validation_error | Missing reason or unknown reason value | | 403 | wrong_key_type | Tried with a publishable key | | 404 | not_found | No profile matches the given ID | | 409 | erasure_in_progress | A prior erasure is still running for this profile |