GDPR configuration

As mentioned in the GDPR section of the Helpful information article, fulfillmenttools is GDPR-compliant.

All customer-related data that was needed for the fulfillment process (like names, addresses, and contact details) is anonymized once all evolved entities are operationally in a final state. The exact date for anonymization is configurable via API.

Change GDPR configuration

The values of the GDPR configuration are:

• retentionTime defines how many days after creation, operationally finished processes are anonymized. Default value: 30 days after the process is operationally finished.

• deletionTimeAfterRetention defines when anonymized entities are deleted. Default value: 180 days.

To check the current configuration, use the below endpoint:

GET https://{YOUR_TENANT_NAME}.api.fulfillmenttools.com/api/configurations/gdpr

{
    "retentionTime": 30,
    "deletionTimeAfterRetention": 180,
    "version": 0,
    "id": "gdpr",
    "actorAnonymization": true
}

To change the default values, use the below endpoint:

PUT https://{YOUR_TENANT_NAME}.api.fulfillmenttools.com/api/configurations/gdpr

{
    "retentionTime": 15,
    "deletionTimeAfterRetention": 5,
    "actorAnonymization": true,
    "version": 1
}

{
    "id": "gdpr",
    "version": 2,
    "actorAnonymization": true,
    "created": "2025-12-30T13:01:39.055Z",
    "deletionTimeAfterRetention": 5,
    "lastModified": "2025-12-30T13:01:39.055Z",
    "retentionTime": 15
}

In the above example, we've set a retentionTime of 15 days and a deletionTimeAfterRetention of 5 days. If an order is created on 2026-01-01, the platform calculates:

• Anonymization date: 2026-01-15

• Deletion date: 2026-01-20