Adyen Data Protection API
Adyen Data Protection API
Adyen Data Protection API handles GDPR/privacy operations — right-to-be-forgotten, PII deletion, shopper data export.
Deep integration with Adyen systems — ensures complete deletion (not just soft delete)
Some data cannot be deleted immediately due to AML/tax retention rules
POST /pal/servlet/SubjectErasure/v68/performSubjectErasure with shopperReference to initiate erasure. Status via webhook.
Uptime · 30-day window
About this API
GDPR and similar privacy laws place a tricky requirement on merchants: when a user exercises the right to be forgotten, the merchant must delete their personal info from all systems — including card tokens and transaction history at the payment processor. Data Protection API lets merchants pass that deletion request to Adyen. Adyen's handling logic is nuanced: deletable items (card tokens, shopper PII) are removed immediately; transaction records still in the retention period (AML requires 5-7 years) are retained but encrypted/pseudonymized; audit logs record "data was processed for GDPR request at time X". All merchants serving EU users should integrate this API or risk GDPR-complaint enforcement.
What you can build
- 1Respond to GDPR deletion requests (right to be forgotten)
- 2Export all PII of a shopper to the user (data portability)
- 3Periodic cleanup of data past retention
Strengths & limitations
Strengths
- Deep integration with Adyen systems — ensures complete deletion (not just soft delete)
- Audit logs retain proof of deletion
- Distinguishes deletable PII from retention-required transaction records
Limitations
- Some data cannot be deleted immediately due to AML/tax retention rules
- Requests are async — may take several business days
Example request
curl https://www.adyen.help/hc/en-us/community/topics/<endpoint>Getting started
POST /pal/servlet/SubjectErasure/v68/performSubjectErasure with shopperReference to initiate erasure. Status via webhook.
FAQ
Can transaction history be fully deleted?+
No — AML rules require 5-7 year retention. But PII is replaced or encrypted and disappears from normal queries.
How long does processing take?+
Simple cases: minutes to hours. Multi-system cases: several business days. Completion delivered via webhook.
Technical details
- Auth type
- unknown
- Pricing
- unknown
- Protocols
- REST
- SDKs
- java, python, javascript, php
- Response time
- 698 ms
- Last health check
- 5/12/2026, 7:36:31 AM
More from Adyen
Adyen Balance Control API moves funds between merchant accounts within Adyen — for centralized fund management and reconciliation.
Adyen BIN Lookup API returns card info from the first 6-8 digits of a PAN (BIN) — issuing bank, country, card type (debit/credit), product type.
Adyen Checkout API is the modern payments API for new integrations — pairs with frontend drop-in components, auto-adapting to 250+ payment methods.
Adyen Checkout Utility API provides auxiliary operations for Checkout API — originKey generation, payment methods listing, status queries.
Adyen Payments API is its flagship payment-processing API — authorize, capture, and refund across cards, local payment methods, and wallets.
Adyen Payouts API moves funds from a merchant account out to external bank accounts or cards — supports multiple local clearing rails.
Adyen Recurring API manages subscription card tokens — store, look up, and reuse tokens for subsequent card-not-present payments.
Adyen Test Card Service API generates test card numbers for sandbox payment testing — covers various issuer response scenarios.