DocumentationGDPR erasure
GDPR erasure
DELETE /contacts/:externalId — right to be forgotten.
When an end user requests deletion under GDPR (or similar regulations), remove their contact record from MailingCore via the API.
Erase a contact
DELETE /contacts/{externalId}
Authorization: Bearer mc_live_xxxx
X-Tenant-Id: clxxxxxxxx
{externalId}— the ID you assigned when upserting the contact (PUT /contacts), not necessarily the internal MailingCoreid.- Required scope:
contacts:write(or dashboard JWT).
{
"deleted": true,
"externalId": "user-12345"
}
What is removed
- Contact profile and custom attributes for that
externalId - Association with audience segments in your tenant
Email send logs may retain anonymized or minimal delivery records for billing and abuse prevention. If you need full log redaction, contact support with the externalId and timeframe.
Recommended integration flow
- User requests deletion in your app.
- Delete personal data in your primary database.
- Call
DELETE /contacts/{externalId}on MailingCore. - Optionally add the email to suppressions if you must block future sends to that address.
await fetch(`https://api.mailingcore.com/contacts/${externalId}`, {
method: 'DELETE',
headers: {
Authorization: `Bearer ${process.env.MAILINGCORE_API_KEY}`,
'X-Tenant-Id': process.env.MAILINGCORE_TENANT_ID,
},
})
Related
- Data residency
- API keys and scopes —
contacts:write