Data security is important for us. Therefore, our platform is GDPR-compliant.

We anonymize all customer-related data we needed for the fulfillment process (like names, address, contact details) only when all evolved entities are operationally in a final state. The exact date for anonymization is configurable via API. You can use the field (retentionTime) which tells how many days after creation operationally finished processes will be kept un-anonymized. The default value is 30 days after the process was operationally finished.

Furthermore, we delete anonymized entities after a configured period (default deletionTimeAfterRetention 180 days).

This functionality only deletes the operational data. We keep on storing (the anonymized) data for our analytics products.

Change GDPR Configuration

There is the possibility for an admin to change the default value of 30 days to another value via API.

configuration namedescription


number (in days) when the anonymization should start


number (in days) after anonymization the deletion should happen

curl -sSL -X POST '' \
  --header 'Authorization: Bearer <TOKEN>' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "version": 1,
    "retentionTime": 30,
    "deletionTimeAfterRetention": 50


We have configured a retentionTime of 7 days and a deletionTimeAfterRetention of 10 days. Let's assume that we create an order on the 2023-01-01. Therefore, we have the created timestamp with the date 2023-01-01. The fulfillmenttools platform calculates the retention/deletion dates according to the current configuration. Then we have a calculated date for anonymization of 2023-01-07 and a deletion date of 2023-01-17.

We are able to fulfill the order on the 2023-01-03. Nevertheless, the corresponding anonymization / deletion dates are not recalculated since it is based on the created date of the order.

Note: we only start the gdpr process on operationally finished processes.

Last updated