GDPR Data Anonymisation

In compliance with GDPR's "right to be forgotten", Dixa API allows for anonymisation of messages, conversations or users so that any personally identifiable information is removed out of the Dixa platform, without impacting metadata on which you may rely on for analytics or WFM purposes.

There's 3 anonymisation types currently implemented, which cover each other in a "waterfall" like structure

  • User anonymisation , which also includes the next two types
  • Conversation anonymisation , which also includes the next type
  • Message anonymisation

When anonymising your user, all of that user's conversations and messages are also anonymised. Similary, when anonymising a conversation (but not the user), all of the messages in that conversation are anonymised.

To keep it simple, we'll refer to user, conversation or message as "entity" from here on.

How it works

You can request any of the beforementioned entities to be anonymised. As a safeguard, we've added checks for open conversations so that you don't accidentally anonymise entities which are still being handled by your agents.

You can override this behaviour by adding ?force=true to the request URI, which will skip the check and anonymise the entity regardless of status.

Anonymisation requests are queued and are processed on a first come, first served bases. Therefore, when you request an entity to be anonymised, we will give you a requestId, which can be used to later check the status of the anonymisation.

In general, this queue is relatively short and requests are processed almost right away, but it can take up to 24 hours when a lot of entities are requested to be anonymised in a short time span.

Getting the correct identifiers

When trying to anonymise an entity, we expect you to pass us which entity you'd like to anonymise. In order to make sure we don't log any personal identifiable information (PII) when making these requests, we expect you to identify which entity you'd like to anonymise using Dixa's internal identifiers. You can get these via our APIs (they will always be under the id attribute) or, in case of users and conversations, inside the Dixa interface.

  • For conversations, the ID is always an integer
  • For users and messages, the ID will be a string (example, 7161f740-e8bf-44ab-8d3f-8ab00241c9c6 )

If you want to find the userId based on email address or phone number, you can use the GET /v1/endusers endpoint with ?email= or ?phone= as query parameters, followed by the email address or phone number of your end user.

If you want to find the messageId, you can use the Message Export API or GET /v1/conversations/{conversationId}/messages endpoint, where conversationId is the integer identifiying the conversation in which the message resides.

Example requests

Here are some example CURL commands you can use. Make sure to change <API token> with a Dixa API token

  • If you'd like to anonymise user 7161f740-e8bf-44ab-8d3f-8ab00241c9c6 , you'd have to make the following request:
    Copy
    Copied
    curl -X PUT -H "Authorization: Bearer <API token>" "https://dev.dixa.io/v1/endusers/7161f740-e8bf-44ab-8d3f-8ab00241c9c6/anonymize"

    Please note, we currently only support anonymising end users, if the user is of the type "agent", you will first have to downgrade the agent to end user. You can do so with the Agents resource in our API.

  • If you'd like to anonymise conversation 123 , even when it's open , you'd have to make the following request:
    Copy
    Copied
    curl -X PUT -H "Authorization: Bearer <API token>" "https://dev.dixa.io/v1/conversations/123/anonymize?force=true"

Checking the status of a request

Both of the above example requests (and any other request you make) should return you an output similar to thisone:

Copy
Copied
{
  "data": {
    "id": "87bac308-e49f-4134-84cc-96b868f1e1e4",
    "_type": "Conversation",
    "initiatedAt": "2022-02-01T00:41:26.381Z[GMT]",
    "targetEntityId": "7392",
    "requestedBy": "b165fdaa-51d6-44b0-bfcd-5f431d623fa7"
  }
}

If you'd like to look up the status of your request, you'd have to make following request, using the id from the output above (in data.id):

Copy
Copied
curl -X GET -H "Authorization: Bearer <API token>" 'https://dev.dixa.io/v1/anonymization/request/87bac308-e49f-4134-84cc-96b868f1e1e4'

Which will give you a response similar to this:

Copy
Copied
{
  "data": {
    "id": "efbb03a0-be79-4ce0-b1ef-9f799e48143e",
    "_type": "Conversation",
    "initiatedAt": "2022-02-28T09:01:11.561Z",
    "targetEntityId": "690",
    "requestedBy": "c16ad1ec-39c1-4317-813f-a6198e05037d",
    "processedAt": "2022-02-28T09:01:11.758Z"
  }
}

Note the processedAt attribute which contains a timestamp of when we have processed the request. If the request isn't processed yet, the value will be null.