> Source: https://tryordinary.com/data-deletion/ # Data Deletion How to have your data removed from Ordinary ## Who Ordinary is, and what we hold Ordinary is a cross-channel attribution and analytics platform used by Shopify merchants. We process data *on behalf of* those merchants — they are the data controllers, we are their data processor. The merchant owns the relationship with their customers; we provide the tools they use to analyze it. We hold two classes of data: - **Storefront analytics data** — the browsing and order data of customers who shopped at a merchant's store. This is controlled by the merchant. - **Authenticated-user data** — the email, name, and usage data of the merchant's own team members who log in to the Ordinary dashboard. This is a direct relationship between Ordinary and the user. The right deletion path depends on which class your data falls in. ## If you shopped at a store that uses Ordinary Your data is controlled by the *merchant*, not by Ordinary. The correct path is to contact the store you purchased from directly. Every Shopify merchant has a standard process for customer data-subject requests — when the merchant processes your request, Shopify automatically notifies every app the merchant uses (including Ordinary) via a `customers/redact` webhook. That cascades your deletion across the merchant's entire app ecosystem, including our systems. You don't need to contact Ordinary directly — and indeed we're not the right party to verify your identity since we have no direct relationship with you. The merchant knows who you are; we only see pseudonymous analytics that the merchant shares with us. **What we do when the merchant forwards a request to us:** within 30 days, your records in the merchant's Ordinary data partition are anonymized — email, name, phone, and address are removed or irreversibly hashed. Aggregated, non-identifiable analytics may be retained. We also stop forwarding your purchase events to Meta via the Conversions API. (Ordinary does not forward your purchase events to Google Ads. Any Google Enhanced Conversions activity is configured directly between the merchant and Google through Google's own tag or pixel and is governed by Google's controls linked below.) Historical events already delivered to ad platforms are the responsibility of those platforms under their own retention policies — their deletion flows are linked below. ## Deletion from connected ad platforms To request direct deletion from platforms that may have received events forwarded by merchants using Ordinary: - **Meta:** [Meta Privacy Rights request form](https://www.facebook.com/help/contact/540977946302970) - **Google:** [Google Enhanced Conversions data controls](https://support.google.com/ads/answer/12725004) ## If you have an Ordinary account (merchants and team members) If you log in to the Ordinary dashboard as a merchant or team member, we have a direct account relationship with you and can act on your request directly: - Email [privacy@tryordinary.com](mailto:privacy@tryordinary.com) from the email address associated with your account. Because you're authenticated via that email, we can verify the request. - Alternatively, an admin of your organization can remove your account and its audit history directly from *Settings → Team*. Requests for account-level deletion are acknowledged within 5 business days and fulfilled within 30. ## Merchants deleting a specific customer Merchants using Ordinary who need to delete a specific customer's data on that customer's behalf should: - **Preferred:** Process the request in Shopify Admin. Shopify will automatically notify Ordinary via the standard `customers/redact` webhook — no separate action required in the Ordinary dashboard. - For requests outside Shopify, use the *Settings → Data Privacy* tools inside Ordinary, which run the same anonymization pipeline. ## Why we don't process direct deletion requests from non-account-holders Processing anonymous deletion requests — where we'd simply trust a submitted email address — would let anyone delete anyone else's records by typing a target address. That risk outweighs the convenience. Routing storefront customers through the merchant preserves identity verification by the party who actually has the customer relationship (the merchant), while still fulfilling the deletion within the legally required window. ## Related policies [Privacy Policy](/privacy) [Terms of Service](/terms) ## Contact Ordinary Privacy: privacy@tryordinary.com Support: support@tryordinary.com