DocumentationGDPR erasure

GDPR erasure

DELETE /contacts/:externalId — right to be forgotten.

When an end user requests deletion under GDPR (or similar regulations), remove their contact record from MailingCore via the API.

Erase a contact

DELETE /contacts/{externalId}
Authorization: Bearer mc_live_xxxx
X-Tenant-Id: clxxxxxxxx
  • {externalId} — the ID you assigned when upserting the contact (PUT /contacts), not necessarily the internal MailingCore id.
  • Required scope: contacts:write (or dashboard JWT).
{
  "deleted": true,
  "externalId": "user-12345"
}

What is removed

  • Contact profile and custom attributes for that externalId
  • Association with audience segments in your tenant

Email send logs may retain anonymized or minimal delivery records for billing and abuse prevention. If you need full log redaction, contact support with the externalId and timeframe.

Recommended integration flow

  1. User requests deletion in your app.
  2. Delete personal data in your primary database.
  3. Call DELETE /contacts/{externalId} on MailingCore.
  4. Optionally add the email to suppressions if you must block future sends to that address.
await fetch(`https://api.mailingcore.com/contacts/${externalId}`, {
  method: 'DELETE',
  headers: {
    Authorization: `Bearer ${process.env.MAILINGCORE_API_KEY}`,
    'X-Tenant-Id': process.env.MAILINGCORE_TENANT_ID,
  },
})

Related