# GDPR configuration

As mentioned in the [GDPR section of the Helpful information article](https://docs.fulfillmenttools.com/documentation/about-fulfillmenttools/helpful-information#general-data-protection-regulation-gdpr), fulfillmenttools is GDPR-compliant.

All customer-related data that was needed for the fulfillment process (like names, addresses, and contact details) is anonymized once all evolved entities are operationally in a final state. The exact date for anonymization is configurable via API.&#x20;

## Change GDPR configuration

{% hint style="info" %}

## Prerequisites

* Have an Administrator role
  {% endhint %}

The values of the GDPR configuration are:

* `retentionTime` defines how many days after creation, operationally finished processes are anonymized. Default value: 30 days after the process is operationally finished.
* `deletionTimeAfterRetention` defines when anonymized entities are deleted. Default value: 180 days.

{% hint style="success" %}
This deletion functionality only deletes operational data. The anonymized data is still stored for analytics.
{% endhint %}

To check the current configuration, use the below endpoint:

{% tabs %}
{% tab title="GET endpoint" %}

```http
GET https://{YOUR_TENANT_NAME}.api.fulfillmenttools.com/api/configurations/gdpr
```

{% endtab %}

{% tab title="Response body" %}
Below is the default values for all customers:

```json
{
    "retentionTime": 30,
    "deletionTimeAfterRetention": 180,
    "version": 0,
    "id": "gdpr",
    "actorAnonymization": true
}
```

`actorAnonymization: true` means `username` and `userId` are stored anonymized in the audit entry. If set to `false`, the data is written without anonymization.
{% endtab %}
{% endtabs %}

To change the default values, use the below endpoint:

{% tabs %}
{% tab title="PUT endpoint" %}

```http
PUT https://{YOUR_TENANT_NAME}.api.fulfillmenttools.com/api/configurations/gdpr
```

{% endtab %}

{% tab title="Request body" %}

```json
{
    "retentionTime": 15,
    "deletionTimeAfterRetention": 5,
    "actorAnonymization": true,
    "version": 1
}
```

{% hint style="info" %}
Remember to increase the version number from the original number in the `GET` response.
{% endhint %}
{% endtab %}

{% tab title="Response body" %}

```json
{
    "id": "gdpr",
    "version": 2,
    "actorAnonymization": true,
    "created": "2025-12-30T13:01:39.055Z",
    "deletionTimeAfterRetention": 5,
    "lastModified": "2025-12-30T13:01:39.055Z",
    "retentionTime": 15
}
```

{% endtab %}
{% endtabs %}

In the above example, we've set a `retentionTime` of `15` days and a `deletionTimeAfterRetention` of `5` days. If an order is created on `2026-01-01`, the platform calculates:

* Anonymization date: `2026-01-15`
* Deletion date: `2026-01-20`

{% hint style="info" %}
Changes to `actorAnonymization` might take up to an hour to take effect.
{% endhint %}