Data Deletion Instructions
Last updated: March 15, 2026
You have the right to request deletion of your personal data under GDPR, the Israeli Privacy Protection Law, and other applicable regulations. This page explains exactly what happens when you request deletion, what data is removed, what is retained by law, and how long the process takes.
1. Who Can Request Data Deletion
- Store Owners (Tenants): Full account and store data deletion
- Customers: Personal data, order history anonymization, loyalty points removal
- Delivery Couriers: Personal data, GPS history, earnings records
- Any user: Can request deletion via email, WhatsApp, or through the platform
2. How to Request Deletion
Option A: Email Request
Send an email to privacy@makolet.store
Include your name, the email or phone number associated with your account, and specify "Data Deletion Request" in the subject line. State whether you want full deletion or partial deletion (e.g., only marketing data).
Identity Verification
We will verify your identity within 48 hours by sending a confirmation code to the email or WhatsApp number on file. This prevents unauthorized deletion of someone else's data.
Confirmation & Processing
Once verified, we will send you a summary of what data will be deleted, what will be anonymized, and what must be retained by law. You confirm, and deletion begins.
Option B: WhatsApp Request
Message us on WhatsApp: +972-54-786-5418
Send: "I would like to request deletion of my personal data" along with the phone number associated with your account.
Option C: Dashboard Self-Service (Store Owners)
Navigate to Settings > Data Export
Log into your tenant dashboard. Go to Settings, then Data Export. You can download a full copy of your data before requesting deletion.
Contact support to initiate deletion
After exporting your data, email privacy@makolet.store to request full account deletion. To prevent accidental data loss, self-service deletion is not available.
3. What Happens to Your Data
3.1 Store Owner (Tenant) Deletion
When a store owner requests full account deletion, the following data is processed:
| Data Category | Action | Details |
|---|---|---|
| Store profile (name, address, phone, settings) | Deleted | Permanently removed from database |
| Product catalog, categories, variants | Deleted | All products and media removed |
| Customer list and contacts | Deleted | All customer records for your store removed |
| Credit accounts (BNPL) and transactions | Deleted | All store credit records removed |
| Loyalty programs, points, rewards | Deleted | All loyalty data removed |
| Campaigns, templates, automation rules | Deleted | All marketing data removed |
| WhatsApp templates, bot config, FAQs | Deleted | All WhatsApp configuration removed |
| Staff accounts and permissions | Deleted | All staff user records removed |
| Integrations (Clover, Square, Xero, etc.) | Deleted | API keys revoked, credentials destroyed |
| API keys and webhook subscriptions | Deleted | All access tokens invalidated |
| Branches and product overrides | Deleted | All branch data removed |
| Google Business, Analytics, Merchant settings | Deleted | All Google integration data removed |
| Support tickets and messages | Deleted | All ticket history removed |
| Order records | Retained 7 years | Required by Israeli tax law. Anonymized after deletion (personal details removed, only transaction amounts kept). |
| Invoices and payment records | Retained 7 years | Required by Israeli tax law (Income Tax Ordinance, VAT Law) |
| Audit log entries | Retained 1 year | Security audit trail, required for compliance. No personal data in entries after account deletion. |
3.2 Customer Deletion
When a customer requests data deletion:
| Data Category | Action | Details |
|---|---|---|
| User profile (name, phone) | Deleted | Account permanently removed |
| WhatsApp session data | Deleted | All chat sessions and preferences cleared |
| Shopping lists and favorites | Deleted | All saved lists removed |
| Store credit / BNPL accounts | Deleted | Credit accounts and transaction history removed |
| Loyalty points and redemptions | Deleted | All loyalty data removed |
| Allergy/dietary profiles | Deleted | Bio-profile data removed |
| Order history | Anonymized | Your user_id is removed from orders. Order records are kept (anonymized) for the store's tax compliance, but can no longer be linked to you. |
| Delivery addresses | Deleted | Removed when user record is deleted |
3.3 Courier Deletion
When a courier requests data deletion:
- Personal profile (name, phone, ID) — Deleted
- GPS location history — Deleted (auto-expires after 30 days regardless)
- Active delivery assignments — must be completed or reassigned first
- Earnings and payout records — Retained 7 years (tax law)
4. Deletion Process Timeline
We acknowledge your request within 24 hours via email or WhatsApp.
We verify your identity to prevent unauthorized deletion. A confirmation code is sent to your registered email or phone.
An internal deletion request is created in our compliance system. It requires approval from a second administrator (dual-control safeguard).
A compliance administrator reviews the request and approves it. The approver must be a different person from the one who created the request.
A super administrator processes the approved request. All identified data is deleted or anonymized in a single database transaction. Integration credentials are revoked. Cache entries are invalidated.
We verify the deletion is complete, remove data from backups during the next rotation cycle (up to 30 days), and send you a confirmation email with a summary of what was deleted.
Maximum processing time: 30 days from the date of your verified request, as required by GDPR Article 17. Most requests are completed within 15 days.
5. Data That Cannot Be Deleted
Under Israeli law and applicable regulations, we are required to retain certain records even after a deletion request:
- Tax records (7 years): Invoices, payment records, and transaction amounts are retained as required by the Israeli Income Tax Ordinance and VAT Law. These records are anonymized — your personal details are removed, only financial amounts are kept.
- Security audit logs (1 year): Immutable event logs are retained for security investigation purposes. After account deletion, these logs contain only event types and timestamps — no personally identifiable information.
- Legal hold: If your data is subject to an ongoing legal proceeding, regulatory investigation, or court order, deletion may be deferred until the matter is resolved. We will notify you if this applies.
- Active financial obligations: If you have outstanding credit balances or unpaid invoices, these must be settled before account deletion can proceed.
6. What Happens to Connected Services
When your account is deleted:
- PayPal: Your subscription is cancelled. PayPal retains their own records per their privacy policy.
- WhatsApp/Meta: We stop sending messages to your number. Meta retains message delivery logs per their policy.
- Google (Maps, Analytics, Business, Merchant): We delete our stored settings and tokens. Google retains data per their privacy policy.
- POS Systems (Clover, Square): Integration tokens are revoked. The POS provider retains their own records.
- Accounting (Xero, QuickBooks): Sync is stopped and tokens are revoked. The accounting provider retains synced data per their policy.
We cannot delete data held by third-party services. You must contact each service provider directly for their data deletion process.
7. Backup Data
Our automated backup system runs daily with a 30-day rotation:
- Your data may persist in encrypted backups for up to 30 days after deletion
- Backups are encrypted and access-controlled — they cannot be used to reconstruct your account
- Each backup is verified with SHA-256 checksums and automatically rotated (deleted) after 30 days
- We do not restore individual records from backups after a deletion request has been processed
8. Withdrawal & Consequences
Before your deletion request is processed, you may withdraw it at any time by contacting us. Once processing begins:
- Store owners: Your store becomes immediately inaccessible to customers. Active orders are completed, then the store is removed. This action is irreversible.
- Customers: Your account is removed. You can create a new account with the same phone number, but previous order history and loyalty points cannot be restored.
- Couriers: Active deliveries must be completed first. After deletion, you can re-register as a new courier, but previous earnings history is not restored.
9. Automated Data Cleanup
Even without a deletion request, we automatically remove data that is no longer needed:
- Sessions: Automatically expired after 24 hours
- Courier GPS data: Deleted after 30 days
- Event logs: Rotated after 90 days (1 year for security events)
- Bulk export files: Auto-deleted after 48 hours
- Expired promotion codes: Cleaned up daily
- Abandoned cart data: Cleared after 30 days of inactivity
10. Contact Us
Data Deletion Requests:
privacy@makolet.store
WhatsApp:
+972-54-786-5418
Data Protection Officer:
dpo@makolet.store
Response time: We acknowledge all requests within 24 hours.