How does Promoted protect your metrics logging data?

We have two log concepts:

  • Profiles logs - these contain sensitive information and are designed to be mutated depending on User requests. An example of a Profile record is our User log record.

  • Transactions logs - these are designed not to contain sensitive information. They’re also designed to be immutable and easy to separate from the actual user.

To make it easy to detach data and recommendations from specific users, we introduce a separate user ID, called a log_user_id, which you can think of as an anonymous user ID. A log_user_id can be kept in User tables or on devices. When a user wants to be forgotten, you delete the association between the user and the log_user_id.
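
The sketch below is an added example, not Promoted's code: it models the two log concepts as SQLite tables and shows that deleting the user-to-log_user_id association leaves the transaction rows intact but no longer joinable to the user. The table layout, function names, sample values, the random 128-bit log_user_id, and issuing a fresh one if the user returns are all assumptions.

```python
import secrets
import sqlite3

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- Profile side: mutable, sensitive, holds the only link to log_user_id
        CREATE TABLE users (user_id TEXT PRIMARY KEY, email TEXT,
                            log_user_id TEXT UNIQUE);
        -- Transaction side: append-only, keyed by log_user_id alone
        CREATE TABLE events (log_user_id TEXT, action TEXT, content_id TEXT);
    """)
    return db

def log_user_id_for(db, user_id, email):
    row = db.execute("SELECT log_user_id FROM users WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row:
        return row[0]
    # Assumption: random, not a hash of user_id, so it cannot be recomputed later.
    luid = secrets.token_hex(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (user_id, email, luid))
    return luid

def log_event(db, log_user_id, action, content_id):
    db.execute("INSERT INTO events VALUES (?, ?, ?)", (log_user_id, action, content_id))

def forget(db, user_id):
    # Deletes the profile row and with it the user -> log_user_id association.
    db.execute("DELETE FROM users WHERE user_id = ?", (user_id,))

def events_linked_to(db, user_id):
    return db.execute(
        "SELECT e.action, e.content_id FROM events e JOIN users u "
        "ON u.log_user_id = e.log_user_id WHERE u.user_id = ?",
        (user_id,)).fetchall()

def demo():
    db = open_store()
    luid = log_user_id_for(db, "u-1001", "alice@example.com")  # constructed data
    log_event(db, luid, "impression", "item-7")
    log_event(db, luid, "click", "item-7")
    before = events_linked_to(db, "u-1001")   # two events joinable to the user
    forget(db, "u-1001")
    after = events_linked_to(db, "u-1001")    # nothing joinable any more
    kept = db.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    reissued = log_user_id_for(db, "u-1001", "alice@example.com") != luid
    return before, after, kept, reissued

if __name__ == "__main__": print(demo())
```

The event rows survive for metrics after `forget`, which only detaches them as long as the event fields themselves carry no identifying values.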