Privacy Requests FAQ
Q: Can an anonymized member be recovered if they change their mind?
A: No. Anonymization is an irreversible process. Once the request is executed, the member's name, email, and phone number are replaced with system-generated IDs. The member will permanently lose access to their account, point balance, and any unclaimed rewards.
Q: How do I verify that a privacy request is legitimate?
A: To prevent unauthorized data exposure, you must verify the requester's identity before processing. Best practice is to ensure the request originated from the authenticated email address associated with the member's account or through a verified support ticket within the Support Center.
Compliance Note: Under GDPR, you generally have 30 days to fulfill a data access or deletion request. You can monitor the status and deadlines of all pending requests directly in the Privacy Module dashboard.
Q: Does deleting a member in TRIFFT also delete them in Klaviyo or Shopify?
A: The "Anonymize" function in TRIFFT primarily handles the loyalty database. While some integrations support automatic suppression, it is vital to manually verify that the member's PII has also been removed or unsubscribed from connected tools like Klaviyo, Bloomreach, or Shopify to ensure full compliance.
Q: Where can I find a record of all privacy actions for a legal audit?
A: The TRIFFT Cockpit maintains a permanent, immutable Compliance Log within the Privacy Requests. This audit trail records the date of the request, the type of action taken (Export or Anonymize), and the administrator who executed the task, providing the documentation needed for regulatory reviews.
Updated 1 day ago
