Anonymization
Introduction
Customer Anonymization in the SCAYLE Panel
SCAYLE’s Customer Anonymization feature enables secure, GDPR-compliant anonymization of customer data via:
This ensures:
- Full traceability
- Internal and external system updates via webhooks
- GDPR Article 5(2) compliance
Note: This feature must be activated by SCAYLE. Contact your SCAYLE Account Manager to enable it.
How It Works
Concept
Customer Anonymization refers to the irreversible replacement of personally identifiable data with placeholders (e.g., `****`) once all legal and business requirements are fulfilled.
A Soft Anonymization phase is applied first:
- The user’s account is locked (no login or new orders).
- Data remains intact during this phase.
SCAYLE Panel accepts only anonymization by customer IDs.
Admin API allows anonymization by customer ID or reference key.
Soft vs. Hard Anonymization
Type | Description |
---|---|
Soft Anonymization | Locks customer account; all data retained. |
Hard Anonymization | Irreversibly replaces personal data after order conditions are met. |
Customers with ongoing orders (`order_confirmed`, `order_invoiced`, `order_cancelled`) cannot be anonymized.
Anonymization Threshold
Defines the waiting period (in days) after the last closed order before personal data is deleted.
Aspect | Detail |
---|---|
Purpose | Defines days to wait after last order before hard anonymization. |
Default | 10 years |
Threshold Updates | New values apply only to new requests. Existing jobs retain original threshold. |
Immediate Anonymization is executed for customers who never placed an order.
Pended orders older than 7 days are treated as closed.
All actions are logged in an Audit Trail to meet GDPR requirements.
Webhooks
SCAYLE emits a `customer-anonymized` webhook for every anonymization request (SCAYLE Panel or Admin API).
Webhook Statuses
Status | Description |
---|---|
initiated | Request created. Soft anonymization applied. |
pending | Threshold countdown active. |
executed | Hard anonymization complete. Data replaced. |
cancelled | Request cancelled before execution. Soft anonymization lifted. |
The same webhook endpoint is used for soft and hard anonymization. The payload is extended but remains compatible.
Cancellation of Anonymization
Customer anonymization requests can be cancelled. Cancellation will lift the soft-deletion lock and prevent hard anonymization from being executed.
Methods
Method | Description |
---|---|
SCAYLE Panel | Use “Cancel anonymization” action in request view. |
Admin API | See Admin API Guide |
Only possible if the anonymization status is `initiated` or `pending`.
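A system that consumes the `customer-anonymized` webhook should accept statuses only in an order the status table and cancellation rule above permit, so that a late or replayed `cancelled` delivery cannot unlock a record that is already hard-anonymized. The following is an added example, not SCAYLE code: the payload field names `customer_id` and `status`, the `Mirror` class and the transition table are assumptions derived from the status descriptions on this page.

```python
# Added example. Field names customer_id/status are assumed, not SCAYLE's schema.
ALLOWED = {
    None: {"initiated"},
    "initiated": {"pending", "executed", "cancelled"},  # executed at once if never ordered
    "pending": {"executed", "cancelled"},
    "executed": set(),           # hard anonymization is irreversible
    "cancelled": {"initiated"},  # assumption: a new request may follow a cancellation
}


class Mirror:
    """Downstream copy of customer data kept in step with customer-anonymized events."""

    def __init__(self, customers):
        self.customers = customers  # customer_id -> {"email": str, "locked": bool}
        self.status = {}            # customer_id -> last accepted status
        self.audit = []             # (customer_id, status, outcome) for traceability

    def handle(self, event):
        cid, new = event.get("customer_id"), event.get("status")
        old = self.status.get(cid)
        rec = self.customers.get(cid)
        if rec is None:
            outcome = "unknown_customer"
        elif new is not None and new == old:
            outcome = "duplicate"        # replayed delivery, nothing to do
        elif new not in ALLOWED[old]:
            outcome = "rejected"         # out-of-order, missing or unknown status
        else:
            outcome = "applied"
            self.status[cid] = new
            if new == "initiated":
                rec["locked"] = True     # soft anonymization: lock, keep data
            elif new == "cancelled":
                rec["locked"] = False    # lock lifted
            elif new == "executed":
                rec.update(email="****", locked=True)  # replace personal data
        self.audit.append((cid, new, outcome))
        return outcome


def demo():
    # Constructed sample events, not captured SCAYLE traffic.
    m = Mirror({1001: {"email": "a@example.test", "locked": False}})
    seq = ["initiated", "initiated", "pending", "executed", "cancelled"]
    outcomes = [m.handle({"customer_id": 1001, "status": s}) for s in seq]
    return outcomes, m.customers[1001]


if __name__ == "__main__":
    print(demo())
```

Every delivery, including rejected and duplicate ones, is appended to `audit`, which keeps the downstream copy traceable in the same way the page requires of the source system.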
Scope & Limitations
In Scope
- ✅ Anonymization via Panel or Admin API
- ✅ Bulk anonymization via CSV/XLSX (both interfaces)
- ✅ Full audit logging
- ✅ Automated Webhook notifications
- ✅ Configurable threshold periods
- ✅ Customer email notifications (anonymized / cancelled)
Webhook data is retained for 6 months and invoice data for 10 years (configurable).
Not in Scope
- ❌ Anonymization via email address
- ❌ Automatic anonymization (must be triggered manually)
- ❌ Reverting anonymizations once executed
- ❌ Automatic handling of disputes or fraud
- ❌ Anonymization of customers with open orders
- ❌ SCAYLE Panel support for reference key (API only)
Anonymization Flow
Anonymization
Cancel Anonymization
Test Scenarios
Test cases
- ✅ Anonymization triggered (SCAYLE Panel or Admin API) → login blocked, request queued, webhook sent with `initiated` status.
- ❌ Open orders → request remains `pending` until conditions met.
- ✅ All orders closed & threshold elapsed → hard anonymization executed, webhook sent with `executed`.
- ✅ Deletion cancelled (via SCAYLE Panel or Admin API) → request marked `cancelled`, webhook and email sent.
- ✅ Bulk delete (CSV/XLSX) → batch processed, logs generated.