Skip to main content

Data anonymization

Permanently scrub a customer's email from clicks, conversions, activity logs, and webhook payloads to satisfy GDPR erasure requests.

Written by Sasha Gerold

When a customer asks you to erase their personal data under GDPR or another privacy regulation, you need a way to remove their email from every place it appears in your Trackdesk workspace — not just the customer record, but tracking data, conversion history, audit logs, and stored webhook payloads as well.

The Data anonymization tool does exactly that. You provide one or more customer emails and Trackdesk replaces every occurrence with a unique anonymous identifier, so the customer can no longer be identified from the remaining data. The underlying conversions, clicks, and reports stay intact — only the personal data is removed.

This feature can be extremely useful if you operate in data sensitive verticals like health or medicine.

Before you start

A few things to keep in mind before you anonymize anything:

  • The action is irreversible. Trackdesk does not store the original email anywhere after anonymization. There is no undo.

  • It anonymizes the email, not the conversions. Existing conversions, clicks, commissions, and payouts remain in your reports. The customer-identifying data is replaced, the business data is preserved.

  • It is permission-gated. Only team members whose role grants access to Data anonymization can use the tool. Affiliates cannot access it.

  • Anonymization is per workspace. The same customer email in another Trackdesk workspace is unaffected.

Anonymize one or more emails

To run the tool, navigate to Settings → General → Data anonymization in your Trackdesk dashboard.

  1. Paste the customer emails you want to anonymize into the Anonymize customer emails field, one email per line.

  2. Click Anonymize.

  3. In the confirmation dialog, type ANONYMIZE exactly (uppercase) to confirm, then submit. The keyword is required so you do not trigger the action by accident.

You can submit up to 100 emails in a single run. Each address is validated as a real email format before anything is changed, and duplicates within the same submission are rejected.

What happens after you confirm

Trackdesk searches every location where customer-identifying information is stored and replaces each matching email with a deterministic placeholder in the format [email protected]. The same input email always produces the same placeholder inside your workspace, so related rows stay linked to each other even after the data is anonymized.

The places that get updated include:

  • The customer's email on revenue origins and any related advertiser records.

  • Conversion records, including any custom affiliate or advertiser parameters that contained the email (for example aff_s1 through aff_s5 and adv_s1 through adv_s5).

  • External customer identifiers and external conversion IDs that contained the email.

  • Stored conversion request payloads and click parameters.

  • Postback requests and the queued or historical attempts sent to your integrations.

  • Activity log entries where the email appeared inside an action's stored details.

Each email is processed independently. If something fails partway through a large batch, the emails already finished stay anonymized — you can re-run the tool for any addresses that did not complete.

Results

When the run finishes, Trackdesk shows an Anonymization results table listing each email you submitted along with the number of rows that were updated:

  • Email — The original address you submitted. This is only shown in the immediate result screen so you can confirm what was processed; it is not stored anywhere afterwards.

  • Occurrences — The total number of database rows that contained the email and were updated to the anonymized value.

If none of the submitted emails were found anywhere in your workspace, you'll see a message confirming that no rows were changed. This usually means the customer was already anonymized, the email was never tracked, or it was entered with a typo.

Audit trail

Every anonymization run is recorded in your workspace activity log so you can demonstrate compliance to auditors and to the customer who made the request. For each email processed, the activity log captures:

  • The anonymized placeholder value that was written to your data.

  • The number of rows that were updated.

  • The team member who performed the action and the timestamp.

The original email is deliberately not stored in the activity log — keeping it there would defeat the purpose of erasing it. If you need to prove which email was anonymized, keep a copy of the original request from the customer alongside the activity log entry.

Anonymizing via the API

If you want to automate erasure requests from your own privacy tooling, you can call the same action over the Trackdesk API. The endpoint accepts the same list of emails and returns the same per-email row counts, with the same 100-email-per-call limit and the same permission requirement. Contact your Trackdesk account manager for the current API details.

Related articles

Related Articles
E-commerce Refund Handling Popular Templates
Airtable Popular Templates
Google Sheets Popular Templates
Players in Trackdesk
Recording and viewing player movements
Did this answer your question?