Avnology ID
API ReferencePrivacy

Privacy

End-user data-export, account-deletion, and CCPA opt-out requests.

Privacy

PrivacyService implements the end-user-facing side of GDPR Articles 15-22 and CCPA. These RPCs are called from your in-product "My Data" settings page (or the built-in /account/privacy route if you use the hosted Universal Login).

Base URL: https://<Domain id="api"/>

Authentication: User session token. Privacy requests act on the authenticated identity -- there is no admin override.

RPCs

MethodPathPurpose
ExportMyDataPOST /v1/privacy:exportMyDataRequest a signed ZIP of all data held about the caller
RequestAccountDeletionPOST /v1/privacy:requestAccountDeletionQueue a 30-day grace account deletion
GetDataCategoriesGET /v1/privacy:getDataCategoriesList the data categories the platform holds about the caller
OptOutOfSalePOST /v1/privacy:optOutOfSaleCCPA Do-Not-Sell flag

Retention & cancellation

Account deletion is queued with a 30-day grace window. The user can cancel via the Admin IdentityService CancelDeletion RPC (admin action) or by signing in during the grace period (auto-cancels if cancel_on_login was enabled at submission).

Audit trail

Every privacy action emits an audit event:

  • privacy.export.requested
  • privacy.deletion.requested
  • privacy.deletion.cancelled
  • privacy.opt_out.recorded

Separation of Duties

Static rules that prevent toxic combinations of permissions.

Export My Data

Request a signed ZIP archive of everything the platform holds about the caller.

On this page

PrivacyRPCsRetention & cancellationAudit trail