Opting out users

Note: This documentation is for a BETA feature. Contact Medallia Support or your CSM for more information.

The opt-out features allows you to mark a user as an "opted-out" user. This will block any future events of this user from being processed or stored.

The GDPR requires you, as a data controller to inform your users ("data subjects") with a clear explanation of how, where and by whom their data will be processed in accordance with the requirements of Articles 13 and 14 of the GDPR. Controller are also required to receive their consent for the collection and processing of any data they will share through your services unless the controller can rely on another legal basis (the list of permitted legal bases is described in Articles 6 and 9 of the GDPR). This question, or request for consent, is your responsibility as a data controller to invoke, and we imagine will look different across your different websites or your mobile apps. We encourage our customers to carefully assess which legal basis they rely on for each processing operation and display the relevant information required by the GDPR. If you receive an objection from your user, this feature should be used in order to stop tracking its activities.

Opting out a user will be done either by the SDK or a rest API request to Journey Analytics, by sending an event saying that the user has opted out of data collection. Our system will flag that user and will block all future events or sessions of that user. The opt-out operation will be carried out using customer_user_id. Since Journey Analytics allows you to link between multiple identities of the same user, opting out will also work for all the alternative identities of a single user, and not just the records received with the user id that asked for erasure or opting out. Notice that opting-out will only block events sent to Journey Analytics, but uploading user data from external data source or integrations will not be affected, and it is your responsibility to ensure deletion of this user from these data updates.

Opt-out event

The structure of the opt-out event will be like so:

{"event_name":"cooladata_opt_out","user_id":"<user_id>"}

This event can be sent from either the SDK by calling the track_event function (see the SDK documentation) or by sending a REST API call like so:

https://api.cooladata.com/v3/[app_key]/track

Content-Type: application/x-www-form-urlencoded

Payload: 
{events:
     [
      {"event_name":"cooladata_opt_out",
        "user_id":"<user_id>
     }
    ]
}

Investigating the Opt-out event

The actual opt-out event will be stored in cooladata, but the events following the opt-out event will not be stored. This means that sessions will be cut off and the "opt-out" event will be the last event stored in those sessions.You can run the following query to investigate users that requested to be opt-out in the last 7 days:

select customer_user_id, event_time_ts as time_of_request
from cooladata 
where date_range (last 7 days) and event_name in ("cooladata_opt_out")