Legal · Data Deletion · Erasure protocol

Delete my data. All of it.
No retention dance.

Three routes. One promise. Thirty days, almost always within hours. No dark patterns, no "are you sure?" loops, no ten-step escape room. You ask, we purge, we confirm in writing. The door out is the same size as the door in.

Last updated · 15 April 2026
SLA · 30 days
Typical · < 24 hours
Request deletion Privacy policy
Choose your route

Three ways to disappear cleanly.

§ I · Recommended
Email a one-liner.
Send one sentence. No form, no ticket portal, no canned auto-reply. A human confirms within one business day and the purge runs inside 30 days — usually hours.
rocketman@mustbeagency.com
§ II · Automatic
Uninstall from Shopify.
The moment Ralph is uninstalled, Shopify fires shop/redact and customers/redact. Ralph honours them, HMAC-verified, and starts the 30-day purge automatically. No action required on your side.
Open Shopify admin
§ III · Platform
Revoke at the source.
Pull the plug from Meta Business Settings or your Google Account. The revocation fires Ralph's data-deletion endpoints, which purge the relevant tokens and platform-sourced data.
Meta → Google →
Platform deletion endpoints

For platform reviewers, in one place.

Shop
Shopify mandatory webhooks
HMAC-verified · 30-day SLA
Ralph implements all three Shopify Protected Customer Data redaction webhooks, verified with HMAC on every request.
customers/data_request customers/redact shop/redact
Meta
Data Deletion Request Callback
Signed-request verified · 30-day SLA
The URL Meta's app review team plugs into the Facebook developer settings for RALPH AI. Returns confirmation code and status URL per Meta's spec.
https://api.mustberalph.com/webhooks/meta/data-deletion
Gggl
Google user data deletion
In-app flow · 30-day SLA
Google API Limited Use obligations honoured. Deletion handled via the in-app Settings flow or by revoking access in your Google Account; tokens and Google-sourced data purged within 30 days.
Settings → Privacy → Delete my data

01 What we delete

When you ask for erasure, Ralph hard-deletes everything tied to you or your store from the live database. No archival tier, no "we'll keep it in case". The full ledger:

Purged Gone

  • Account profile, email, credentials
  • Shopify store snapshots, orders, customers
  • Meta, Google, GSC, GA4 OAuth tokens
  • Conversation history & Ralph's memory of you
  • Uploaded creative & generated images
  • Campaign history, pipelines, briefs, drafts
  • Analytics and intelligence tables for your store
  • Encrypted backups (inside 30-day window)

Retained Required

  • Billing & tax records (7 yrs — HMRC)
  • Stripe payment receipts (Stripe-controlled)
  • Anonymised, aggregated usage metrics
  • A single ledger line: who asked, when, confirmed

Every retained item is either a legal requirement we cannot override, or stripped of anything that could identify you. We don't hoard.

02 What (little) we keep, and why

Three boring reasons a business of our size has to retain a small amount of data:

  • UK tax law. HMRC requires businesses to keep billing records for seven years. We keep the invoice, not the person's life story.
  • Stripe. Card receipts live in Stripe's vault, not ours. Stripe has its own deletion process; we're happy to point you at it.
  • Abuse prevention. A single ledger line — email X requested deletion on date Y, confirmed on date Z — so we can prove to an auditor or regulator that your request was honoured.

03 The purge, step by step

  • 01 · Confirm receipt. A human (not a bot) replies within one business day with a case reference.
  • 02 · Verify the request. We match the requesting email against the shop owner on file. No notarised documents required — just enough to be sure we're erasing the right thing.
  • 03 · Purge the live database. Personal data, store data, orders, conversation memory, tokens, creative, analytics snapshots — hard-deleted. Usually within hours.
  • 04 · Roll backups off. Encrypted backups sit on a 7-day rolling window. Your data is fully eliminated from every backup inside 30 days.
  • 05 · Confirm in writing. An email lands in your inbox the moment deletion completes. Subject: Data deletion confirmed. Keep it for your records.

04 Verifying your request

To avoid deleting the wrong account, we verify that the email requesting deletion matches the one on file. If you can email us from the address associated with your Ralph account, that's usually enough. If not (lost access, changed address, etc.), we'll ask for one additional signal — the shop domain, the last four digits of the card on file, or confirmation via the Shopify admin.

No notarised documents. No ID scans. We're not a bank. The goal is to be sure, not to be obstructive.

05 Platform deletion endpoints

For platform reviewers and for users who prefer to pull the plug at the source:

Shopify

  • customers/data_request — subject access request relay
  • customers/redact — per-customer erasure
  • shop/redact — fired 48 hours after uninstall; full store purge

All three are HMAC-verified on every request; completion within Shopify's 30-day Protected Customer Data SLA.

Meta

Data Deletion Request Callback URL (the value to paste into Meta's developer console):

https://api.mustberalph.com/webhooks/meta/data-deletion

Returns confirmation code and status URL per Meta's data deletion callback spec.

Google

In-app Settings → Privacy → "Delete my data", or revoke Ralph at myaccount.google.com/permissions. Tokens and Google-sourced data purged within 30 days, per Google API Limited Use policy.

06 Backups & the 7-day window

We run encrypted, off-site backups on a 7-day rolling window. When you request deletion, the live database is purged immediately; your data then rolls off every backup inside 30 days as old snapshots are overwritten by new ones. At day 30, no copy of your data exists anywhere in Ralph's systems.

07 Written confirmation

Every deletion is confirmed in writing to the email address that requested it (or to the shop-owner email on file for automated flows). If you don't receive confirmation within 30 days of your request, that is itself a bug — please email us and we'll escalate.

08 Questions & contact

Anything deletion-related:

  • Email: rocketman@mustbeagency.com
  • Subject line: Data Deletion Request (for a new request) or Data Deletion Question (for anything else)
  • Regulator: UK ICO — ico.org.uk — if you believe we have not honoured your request

We'd rather lose you clean than keep you by friction. Every founder has filed a deletion request into some company's void and never heard back. Not here. The door out is the same size as the door in.

— Ralph