Handling Customer Deletion Requests

Under the UK GDPR and other data protection regulations, individuals have the right to request deletion of their personal data. Felloh provides API tools to help you fulfil these requests.


Overview

When a customer requests that their personal data be deleted, you need to remove their data from both your own systems and any third-party services — including Felloh. The Felloh API provides deletion endpoints that allow you to programmatically remove customer records and associated data.

There are two approaches depending on your needs:

  • Delete individual records — Use resource-specific delete endpoints to remove individual bookings, customers, or other objects
  • Remove by customer identifier — Search for all records associated with a customer (by email or name) and delete them systematically

Deleting Customer Records

The most direct approach is to delete the customer record and their associated bookings. When deleting a booking, the associated booking components are also removed.

Steps

  1. Search for the customer's records using the Customers resource
  2. Identify all associated Bookings for that customer
  3. Delete the bookings (which cascades to booking components)
  4. Remove any Payment Links associated with the customer

Find and Delete Customer Data (JavaScript)

// 1. Find all bookings for the customer
const bookings = await client.bookings.list({
  organisation: 'org-id',
  keyword: 'customer@example.com',
});

// 2. Delete each booking
for (const booking of bookings.data) {
  await client.bookings.delete(booking.id);
}

// 3. Delete any payment links
const links = await client.paymentLinks.list({
  organisation: 'org-id',
});

for (const link of links.data) {
  if (link.email === 'customer@example.com') {
    await client.paymentLinks.delete(link.id);
  }
}

Find and Delete Customer Data (Python)

# Run this inside an async function: `await` is not valid at module level.
# 1. Find all bookings for the customer
bookings = await client.bookings.list({
    "organisation": "org-id",
    "keyword": "customer@example.com",
})

# 2. Delete each booking
for booking in bookings["data"]:
    await client.bookings.delete(booking["id"])

# 3. Delete any payment links
links = await client.payment_links.list({
    "organisation": "org-id",
})

for link in links["data"]:
    if link["email"] == "customer@example.com":
        await client.payment_links.delete(link["id"])

Find and Delete Customer Data (PHP)

// 1. Find all bookings for the customer
$bookings = $client->bookings->list([
    'organisation' => 'org-id',
    'keyword' => 'customer@example.com',
]);

// 2. Delete each booking
foreach ($bookings['data'] as $booking) {
    $client->bookings->delete($booking['id']);
}

// 3. Delete any payment links
$links = $client->paymentLinks->list([
    'organisation' => 'org-id',
]);

foreach ($links['data'] as $link) {
    if ($link['email'] === 'customer@example.com') {
        $client->paymentLinks->delete($link['id']);
    }
}

Find and Delete Customer Data (C#)

// 1. Find all bookings for the customer
var bookings = await client.Bookings.ListAsync(new ListBookingsParams
{
    Organisation = "org-id",
    Keyword = "customer@example.com",
});

// 2. Delete each booking
foreach (var booking in bookings.Data)
{
    await client.Bookings.DeleteAsync(booking.Id);
}

// 3. Delete any payment links
var links = await client.PaymentLinks.ListAsync(new ListPaymentLinksParams
{
    Organisation = "org-id",
});

foreach (var link in links.Data)
{
    if (link.Email == "customer@example.com")
    {
        await client.PaymentLinks.DeleteAsync(link.Id);
    }
}

Data Retention and Eligibility

Not all data can be deleted immediately. Felloh is required to retain certain records for legal, regulatory, and compliance reasons. The following constraints apply:

Completed Transactions

Transaction records for completed payments must be retained for a minimum period to comply with:

  • PCI DSS requirements — Transaction logs must be retained for audit purposes
  • Financial regulations — Payment records are required for anti-money laundering (AML) and counter-terrorism financing (CTF) compliance
  • Tax obligations — Transaction records may be needed for VAT or other tax reporting

Completed transactions cannot be deleted, but the personal data within them (customer name, email) will be redacted after the mandatory retention period expires.

Pending or Disputed Transactions

Records associated with the following cannot be deleted until they reach a final state:

  • Pending transactions — Transactions that are still processing must complete before the associated booking can be deleted
  • Active disputes and chargebacks — Records involved in an ongoing chargeback must be retained until the dispute is resolved
  • Pending refunds — Refunds that are awaiting authorisation must be resolved before deletion

Trust Account Records

If you use Felloh's managed trust accounts, certain records related to disbursements and ledger entries must be retained to satisfy trust account audit requirements.


Best Practices

Keep a Deletion Log

Maintain an internal log of deletion requests received and actions taken, including:

  • When the request was received
  • What data was identified and deleted
  • Any records that could not be deleted and the reason why
  • When the deletion was confirmed to the customer

This helps demonstrate compliance with data protection regulations.
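
The deletion steps from earlier on this page combined with the log described above, as an added example that is not Felloh's own code. It reuses the client call shapes shown on this page and assumes that bookings carry an `email` field like payment links do, that each list call returns every result in one response, and that deleting an ineligible record throws; the in-memory client, sample records and error text are constructed.

```javascript
// Added example, not Felloh code. `client` follows the call shapes shown on this page;
// the booking `email` field, the error text and the mock client are assumptions.
async function eraseCustomer(client, organisation, email, requestReceivedAt) {
  const target = email.trim().toLowerCase();
  const log = { requestReceivedAt, subject: target, deleted: [], retained: [], completedAt: null };
  const sameSubject = (r) => typeof r.email === 'string' && r.email.trim().toLowerCase() === target;
  const sources = [
    ['booking', client.bookings, { organisation, keyword: email }],
    ['payment_link', client.paymentLinks, { organisation }],
  ];
  for (const [type, resource, params] of sources) {
    const page = await resource.list(params);
    // A keyword search can return other people's records: act only on exact email matches.
    for (const rec of page.data.filter(sameSubject)) {
      try {
        await resource.delete(rec.id);
        log.deleted.push({ type, id: rec.id, at: new Date().toISOString() });
      } catch (err) {
        // Not yet eligible (e.g. pending transaction): log the reason and revisit later.
        log.retained.push({ type, id: rec.id, reason: err.message });
      }
    }
  }
  log.completedAt = new Date().toISOString();
  return log;
}

// Constructed in-memory stand-in for the SDK client so the example runs offline.
function mockResource(records, blockedIds = []) {
  return {
    list: async () => ({ data: [...records] }),
    delete: async (id) => {
      if (blockedIds.includes(id)) throw new Error('pending transaction');
      records.splice(records.findIndex((r) => r.id === id), 1);
    },
  };
}

async function demo() {
  const bookings = [
    { id: 'b1', email: 'customer@example.com' },
    { id: 'b2', email: 'Customer@Example.com' },       // same person, blocked below
    { id: 'b3', email: 'other-customer@example.com' }, // keyword hit, different person
  ];
  const links = [{ id: 'p1', email: 'customer@example.com' }, { id: 'p2', email: 'a@example.org' }];
  const client = { bookings: mockResource(bookings, ['b2']), paymentLinks: mockResource(links) };
  return eraseCustomer(client, 'org-id', 'customer@example.com', '2024-01-01T09:00:00Z');
}

demo().then((log) => console.log(JSON.stringify(log, null, 2)));
```

The returned object holds the request time, what was deleted, and what was retained and why, so it can be stored as the log entry and reused when confirming the outcome to the customer.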

Respond Within the Required Timeframe

Under UK GDPR, you must respond to a deletion request within one calendar month. If the request is complex or you have received a high volume of requests, this can be extended by a further two months — but you must inform the individual within the first month.

Verify the Requester's Identity

Before deleting personal data, verify that the request is genuine and comes from the individual whose data it concerns (or their authorised representative). This prevents a malicious deletion request from removing another person's data.

Inform the Customer

Once deletion is complete, confirm to the customer what data has been removed and explain any records that must be retained for legal reasons.

