Data Deletion Requests

Use this endpoint to explicitly anonymize a visitor by email for a specific site.

Available Endpoints

Important Behavior

• This endpoint is explicit and destructive for identity data on the matched visitor. It queues anonymization for that visitor record.
• Integrations can recreate visitors later if they send the same email again. This includes Stripe, Shopify, and other inbound integrations/workflows.
• Before deletion, manually back up any business-critical state you may need to recover quickly, especially unsubscribe status, spam/abuse notes, and custom fields.
• Bento may retain limited operational metadata required for reliability and security (for example logs, background-job telemetry, and abuse/rate-limit signals).

Create Request

Submit an email to anonymize. The email must exist on the specified site.

Required Attributes

• site_uuid (string): Site identifier used for auth scope.
• data_deletion_request[email] (string): Visitor email to anonymize.

Example Request

curl -X POST "https://app.bentonow.com/api/v1/data_deletion_requests" \
  -u "publishable_key:secret_key" \
  -d "site_uuid=YOUR_SITE_UUID" \
  -d "data_deletion_request[email]=user@example.com"

Responses

• 202 Accepted

{ "status": "queued_for_anonymization" }

• 404 Not Found

{ "error": "visitor_not_found" }

• 422 Unprocessable Entity

Validation or model update errors may be returned if the record cannot be queued.

Operational Recommendations

• Pause or mute upstream sources before deletion where possible (for example Stripe/Shopify syncs, webhook replays, or import jobs).
• Store your own audit snapshot before calling deletion if compliance requires exact before/after reconstruction.
• If your workflow depends on long-term suppression, combine deletion with external suppression controls in your own systems.