Question

Help selecting correct data safety questions

  • 29 November 2023
  • 3 replies
  • 79 views

Badge +5

Looking at this guide and it makes sense but for data deletion I am still trying to understand what information RC is collecting that I am not providing via the SDK. I do not set any attributes or anything extra. Just the app user id which is a guid. Does anything still need to be deleted from RC when user deletes /requests delete their account?

Also how does this work if user still has active subscription but delete is request and the delete would be made via the RC API?

 


3 replies

Userlevel 3
Badge +6

Hey @vic-a563d7!

 

Deleting users through the RevenueCat dashboard or API clears out all of their data and is sufficient for GDPR erasure requests. I would recommend if a user requests deleting their account, you just delete that user via RC as well so all of the necessary data is wiped and this should be sufficient on your end aside from things that you might store on your end that would need to be deleted. 

 

Also how does this work if user still has active subscription but delete is request and the delete would be made via the RC API?

 

Deleting a user from RevenueCat won't cancel their active subscription. You can cancel a user's Google Play subscription before deleting them via our API. For iOS, it's not possible for you to cancel a user's Apple subscription; this is a limitation of the App Store, so their subscription would be still technically active. We recommend deleting a user once their subscription is inactive. 

Badge +5

@Michael Fogel  I am asking what RC is collecting from the user. If I only set app user id and nothing else, does RC still somehow track more data that would have to be deleted to suffice GDPR erasure requests? In other words, if RC only has a user guid id, why do we need to delete anything inside RC? since there is no personal user information inside RC only a guid string that means nothing to RC or someone who would look inside RC.

For second question, do you think I should still delete the user in RC and cancel their subscription if they delete their account in my app? Or telling the user that they have to cancel manually themselves will suffice to pass app store policies?

Userlevel 3
Badge +6

Hey @vic-a563d7 !

 

More information on what we collect and our privacy can be found here: https://www.revenuecat.com/privacy/

 

I would delete the user in RC if you are worried about this, and cancel their subscription so you can make sure that they are no longer billed. Otherwise, you could also delete the users for subscriptions that had already been cancelled and expired. 

 

Let me know if that helps! 

Reply