Native User Anonymization

Starting in Strategy One (May 2026), you can enable native user anonymization that allows administrators to automatically anonymize user identifier in the Platform Analytics telemetry data without direct SQL access to the warehouse. Use this functionality to comply with GDPR-based regulations (for example, right to be forgotten) and internal retention policies while preserving the analytical value and auditability of execution records.

High-level Behavior

When you enable native user anonymization, Platform Analytics executes the following process:

Identifies Platform Analytics records older than your configured number of days.
Replaces user identifies and deletes aggregate fact tables older than your configured number of days.
Logs the number of anonymized or deleted rows for each run.

Configure Native User Anonymization

In the REST API, use the following operations to configure user data anonymization:

GET /api/telemetry/admin/runtime-config/anonymizeDataOlderThanNDays
- Returns a specific configuration entry. The default value is 0. Update this value to the preferred number of days. To turn off the feature, set it to 0.
PUT /api/telemetry/admin/runtime-config/anonymizeDataOlderThanNDays
- Updates the value of an existing configuration key. Update this value to the preferred number of days. To turn off the feature, set it to 0.
  
  Request body:
  
  { "value": "365" }

Limitations

Only PostgreSQL is supported. MySQL is not supported.
Anonymization only applies to the active Platform Analytics warehouse only.
Data stored in cloud-native backups or other backup mechanisms is not anonymized by this feature.
Anonymization is irreversible. Once applied, the original user identity can not be restored.
The feature anonymizes all users' records older than your configured days. Per-user, per-group, or ad-hoc anonymization is not supported.