> ## Documentation Index
> Fetch the complete documentation index at: https://moengage-sdk-docs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# GDPR / CCPA Overview

> Manage user data privacy rights and erasure requests programmatically to ensure GDPR and CCPA compliance.

## Overview

The MoEngage GDPR / CCPA API ensures that all user data rights are respected and managed for compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This API allows you to submit data requests, including the permanent erasure of personal data for specific users.

<Info>
  For detailed implementation guides on how MoEngage handles these regulations, refer to our [GDPR Implementation](https://help.moengage.com/hc/en-us/articles/360000878126-GDPR) and [CCPA Implementation](https://help.moengage.com/hc/en-us/articles/360052917232-CCPA) documentation.
</Info>

## GDPR API Endpoints

The compliance suite includes the following core functionality:

* [Submit a Data Request](https://moengage.mintlify.app/api/gdpr/submit-a-gdprccpa-data-request) - Create or update user rights (e.g., erasure requests).

## Supported Request Types

| Request Type | Description                                                                      |
| :----------- | :------------------------------------------------------------------------------- |
| **Erasure**  | Permanently deletes personal data associated with the specified user identities. |

## Supported User Identities

You can target users for data requests using the following identity keys:

* `id` (Unique Customer ID)
* `email` (User Email Address)
* `mobile` (Phone Number)
* `user_secondary_id`
* `google_advertising_id`
* `advertising_identifier`

## Constraints & Limits

<Warning>
  **Important Note on Deletion:** - Multiple users **cannot** be deleted in a single payload.

  * If an email ID associated with multiple user profiles is passed for erasure, **all** profiles associated with that email will be deleted.
</Warning>

### Technical Limits

* **Max Request Size:** 100 KB
* **Max Payload Size:** 128 KB (Exceeding this returns a `413 Payload Too Large` error)

## FAQs

<AccordionGroup>
  <Accordion title="Can multiple users be deleted using this API?">
    No. Multiple users cannot be deleted using this API in a single payload. You must send individual requests for different users unless they share the same email identity (see note above).
  </Accordion>

  <Accordion title="What happens when an email ID associated with multiple users is erased?">
    If multiple users have the same email ID and that email ID is passed in the erasure request, MoEngage will delete **all** users associated with that specific email ID.
  </Accordion>

  <Accordion title="What is the maximum size of the request payload?">
    The maximum payload size is 128 KB. If this limit is exceeded, a 413 error response will be sent.
  </Accordion>
</AccordionGroup>

## Postman Collections

Test your compliance workflows using our pre-configured Postman collection. [View Postman Collection →](https://www.postman.com/moengage-dev/api-docs/request/j4fwuwk/gdpr-ccpa-api?action=share\&source=copy-link\&creator=9636111)
