Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Archive SDK—Right to Be Forgotten (RTBF)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Archive SDK—Right to Be Forgotten (RTBF)

            Data privacy regulations grant individuals the Right to Be Forgotten (RTBF), requiring organizations to securely erase personal data upon request. Archive SDK enables compliance by identifying and deleting specific data from the Archive app, ensuring thorough removal while preserving the integrity of other archived data.

            RTBF Filter Criteria

            To process an RTBF request, specify the appropriate filter criteria. For example:

            Criteria Example
            Field Name Employee ID
            Object Contact
            Value ID 123456789011121314

            Important Considerations

            • Submissions are limited to 10,000 requests per day with a 10,000 root record search limit.
            • The RTBF deletion process extends to directly and indirectly related child records within a hierarchy.
            • Overlapping search results can mark some records as already deleted in the audit file.
            • If the search result limit is reached, the SDK activity status displays a 200 status code with this error.

              Request processed. Maximum search results reached. Refine your search or submit a new request.

            • Most standard RTBF requests complete within 30 minutes.
            • For optimal results, target the root object.
            • Object and Field Name filters aren't case-sensitive.
            • Archive doesn't support partial deletion.

            RTBF Behavior for Child Records in an Archived Hierarchy

            When executing an RTBF request on a child record, the request removes the entire archived hierarchy associated with it.

            For example, if you search for a specific Case record and submit an Archive RTBF request, the request removes the Case, its associated Tasks, and its related Account root record. Because these records were archived together, RTBF deletes the entire archived hierarchy.

            However, if the Account was archived separately, running RTBF on the Case record removes only the Case and its Tasks, but not the Account record.

            How RTBF Works

            The RTBF process runs as an asynchronous process and follows these sequential API calls.

            • Data Identification—The SDK queries Archive to locate all records matching the specified filter criteria.
            • Data Deletion—The SDK sends a deletion request to Archive, removing all matching records.

            When the process is complete, an RTBF activity icon appears under the Activities tab in Archive Console.

            Note
            Note Purge queries only objects archived as root objects. RTBF can target root objects and child records.

            RTBF Request Example

            A former employee, Maria Johnson, submits an RTBF request to delete all personal data from your system. Your company archives employee records along with their email correspondence, customer interactions, and project assignments. To follow the RTBF request, use this filter criteria.

            Object Field Name Value
            Contact Email Maria@own.com
            Case Employee ID 987654321
            Task Assigned To Maria Johnson
            Email Sender Maria@own.com
            Document Owner Maria Johnson

            This request ensures the complete removal of Maria's data, including her contact information, cases she was involved in, tasks assigned to her, and all email and document records linked to her. This process helps maintain compliance with data privacy regulations while ensuring a thorough and accurate deletion of sensitive information.

            API Methods and Response Handling

            Note
            Note Verify that the Filter Criteria are specific so you don't unintentionally remove records.

            We recommend validating your criteria by running the query on the Data Query SDK before submitting the RTBF request.

            Input Output Definition
            ArchiverAccessorResponse
            • ArchiverAccessorResponse.getBody();

              String that contains the requestId for follow up.

            • ArchiverAccessorResponse.getStatusCode();
            • ArchiverAccessorResponse.getErrorMessage();
            		 The response from the Forget API call. Returns a requestId to track the status of the request by using the getRTBFStatus method.
            Criteria(string sObjectName, string fieldName, string value)    
            forgetArchivedRecords(list<Criteria> inputFilters) ArchiverAccessorResponse Public method that creates a Forget request to Archive and a list of criteria to delete.
            getRTBFStatus(string requestId) A CSV report containing all the details of the information that was deleted. Public method that gives you the ability to follow up with your RTBF request.

            Archive SDK—Run a RTBF Request

            Manually test the Archive SDK and run a RTBF request in the Archive app.

            1. Click the Settings icon.
            2. Select Developer Console.
            3. To open the console, press F12 or Ctrl+Shift+I on Windows, or Cmd+E on Mac.
            4. In the console, execute this code to create a criteria list, send a RTBF request, and get the requestId from Archive. 
              SF_Archive.Criteria criteria1 = new SF_Archive.Criteria('Account', 'Name', 'example name');
list<SF_Archive.Criteria> lst = new list<SF_Archive.Criteria>();                        
lst.add(criteria1);                        
SF_Archive.ArchiverAccessorResponse response =                        
SF_Archive.ArchiverAccessor.forgetArchivedRecords(lst);                        
Map<String, String> values = (Map<String,                        
String>)JSON.deserialize(response.getBody(), Map<String, String>.class);                        
String requestId = values.get('request_id');                    
system.debug(requestId);
            5. Click Execute.

              The request begins. When completed, the requestId is stored in the Execution Log.

            View the Status of the RTBF Request

            After you send a RTBF request, you can view the status of the request.

            1. At the top-right of the page, click the Settings icon.
            2. Select Developer Console.
            3. Press Command + E.
            4. Using the requestId for your RTBF request, run this code. 
              SF_Archive.ArchiverAccessorResponse reportResponse =
SF_Archive.ArchiverAccessor.getRTBFStatus(requestId);                            
system.debug(reportResponse.getBody());
            5. Click Execute.
              The status request begins. When completed, one of these statuses is displayed in the Execution Log.
              • Request failed, please contact support.

                The request was unsuccessful and failed.

              • Request handled, no matching results were found.:

                There were no records matching the specified criteria.

              • Request is open. Scan is still in progress.

                The request is still in progress.

            When the request finishes successfully, you receive a CSV report containing all the details of the information that was deleted.

            The CSV report contains this information.

            Field Description
            Criteria Record The record field that matches the deletion criteria of the request.
            Criteria Record Type The criteria of the request.
            Related Salesforce ID That Provoked Deletion The row that's referred to by another record in the table that also matches the criteria.
            Salesforce ID The ID of the record contained in the report row.
            Status Indicates if the record was deleted or not.

            RTBF Common Errors

            Invalid Criteria

            • Field must match an object.
            • No more than one criteria with the same object is allowed.
            • You can send up to 10 criteria per request.

            No Results

            • Value can't be partial.
            • Criteria must be of record type that has been archived.

            For example, if you have an Account with ID X and you archived the cases belonging to that ID, you must exclude cases belonging to that Account. To achieve this, create this filter criteria.

            Object type: Case, field: AccountId, value: X
            Note
            Note The common mistake is creating this filter criteria. 
            Object type: Account, field: Id, value: X
            This criteria doesn't delete anything because Archive doesn't have the relevant Account.

            Archive SDK—RTBF Use Case Scenarios

            Use case scenarios for RTBF in the Archive app.

            Scenario 1: RTBF with Multiple Objects

            Jane Doe is a customer of XYZ Bank, where she has had an account for the past 2 years. Recently, she decided that she wants to exercise her RTBF under the General Data Protection Regulation (GDPR). Jane believes that the bank holds unnecessary personal data about her and wants it erased from their records.

            Jane submits her RTBF request to XYZ Bank and specifies the personal data that she wants erased, which can include account information, transaction history, and any other personal data held by the bank. The bank proceeds to identify and locate Jane's personal data.

            RTBF Request
            Criteria Filter Filter Filter Filter
            Object Account Transaction_c Case Email
            Field Name Name Transaction user Customer Name From
            Value Jane Doe Jane Doe Jane Doe Jane Doe

            The RTBF request can contain up to 10 separate objects.

            Results:

            Archive finds 1 Account, 2,000 Transactions, 15 Cases as roots, and 30 emails.

            Scenario 2: RTBF Single Object

            A pharmaceutical company released an experimental drug, Eddy's Elixirs, to treat arthritis. However, it resulted in severe adverse reactions among patients. After recalling the drug, the company submitted a RTBF request to remove all public records and digital content related to Eddy's Elixirs.

            RTBF Request
            Criteria Filter
            Object Case
            Field Name Drug Name
            Value Eddy's Elixirs

            Results:

            Archive finds 1,000 Cases as roots and 1,000 patient records archived underneath the root as child records. It removes them all.

            One Activity is created in the Archive Console Activities tab, showing the RTBF icon.

            Scenario 3: RTBF Over 10,000 Root Records Found

            Emily Jones, a regular user of a popular social media platform called ConnectWorld, deactivates her account and requests to exercise her RTBF under data protection regulations.

            RTBF Request
            Object Filter Filter Filter
            Object User Account Contact Case
            Field Name Name Phone Related Id
            Value Account id For Emily Jones Emily's phone number Account Id For Emily Jones

            Results:

            Archive finds 20,000 root Case records, 300,000 Contacts and 10,000 Cases as roots, and 150,000 Contacts archived underneath the root as child records are removed.

            One Activity is created in the Archive Console Activities tab, showing the RTBF icon.

            getRTBFStatus returns a status code 200 with the error message "Request processed. Maximum search results reached. Refine your search or submit a new request to see more records".

            Archive can only process up to 10,000 root records per RTBF SDK request. To solve this error, run the query again to retrieve the remaining records.

            Archive SDK—Anonymize PII in the Archive App

            Anonymize personally identifiable information (PII) in archived records without deleting the record itself. Anonymization replaces sensitive values with irreversible placeholders to help you comply with privacy regulations while retaining the record structure of the Archive app.

            Anonymization, also known as masking, helps you comply with privacy requests, such as the Right to Be Forgotten (RTBF). This process performs an in-place update on archived records. Unlike a purge action, which permanently deletes data, anonymization replaces specific sensitive values with generic text, such as redacted@example.com.

            Note
            Note This feature is available only through the Archive SDK. It isn't available in the UI.

            How Anonymization Works

            The system detects PII fields, such as Name, Email, Phone, and Address, by using object metadata. When you submit a request, the system masks original PII values with irreversible placeholders. Non-PII data, such as record IDs and timestamps, remains unchanged and searchable.

            Anonymization is comprehensive. When you anonymize a root record, the anonymization process automatically cascades to all related child records within the same archived hierarchy. For example, anonymizing a Contact record also anonymizes PII in that record’s related Tasks and Events.

            Important Considerations

            • The anonymization process is permanent. You can't recover or view original PII values after anonymization.
            • You can anonymize a record only one time. If you submit a duplicate request for an anonymized record, the system ignores it.
            • Anonymization shares the standard Archive RTBF rate limit of 10,000 requests per organization per day.
            • You can't manually select fields to anonymize. The system identifies PII fields automatically based on the Recover algorithm.
            • You can't anonymize records that are legally held. The system automatically excludes records currently under legal hold or retention lock.

            See Also

            Submit an Anonymization Request

            Define your target criteria and submit an anonymization job by using the SF_Archive.ArchiverAccessor Apex class.

            Make sure that you meet these requirements.

            • The user running the Apex code has permission to access the SF_Archive namespace.
            • Access to the Developer Console or an IDE to run Anonymous Apex.
            1. Open the Developer Console or your preferred Apex execution tool.
            2. Open an Execute Anonymous window.
            3. To define the criteria and submit the request, run this code. This code block anonymizes the email address field on a Contact record. 
              // 1. Define the criteria for the records to anonymize.
// Syntax: new Criteria('ObjectAPIName', 'FieldAPIName', 'ValueToMatch');
List<SF_Archive.Criteria> criteriaList = new List<SF_Archive.Criteria>();

// Example: Anonymize a specific Contact by Email
criteriaList.add(new SF_Archive.Criteria(
  'Contact',
  'Email',
  'mickey.mouse@example.com'
));

// 2. Submit the anonymization request.
SF_Archive.ArchiverAccessorResponse response = SF_Archive.ArchiverAccessor.maskArchivedRecords(criteriaList);

// 3. Process the response to get the request ID.
Map<String, String> values = (Map<String, String>)JSON.deserialize(response.getBody(), Map<String, String>.class);
String requestId = values.get('request_id');

// Output the request ID for tracking.
System.debug('Anonymization Job Submitted. Request ID: ' + requestId);

            Verify Anonymization Status

            Check the status of your anonymization job and generate an audit report by using the request ID generated during submission.

            Anonymization is an asynchronous process. After you submit a request, use the returned request ID to track its progress and verify the results.

            1. To check the anonymization job status, run this code in the Execute Anonymous window. 
              // Paste the Request ID found in the Debug Log from the anonymization request.
// Example: String requestId = '0Qn5e000000abcD';
String requestId = 'YOUR_REQUEST_ID_HERE';

// Check the status.
String statusResponse = SF_Archive.ArchiverAccessor.getMaskingStatus(requestId);

System.debug('Anonymization Job Status: ' + statusResponse);
            2. To generate an audit report after the anonymization job is complete, run this code in the Execute Anonymous window. 
              String requestId = 'YOUR_REQUEST_ID_HERE';
String report = SF_Archive.ArchiverAccessor.getMaskingReport(requestId);
System.debug('Anonymization Audit Report: ' + report);

            Anonymization Results

            Review how PII fields appear after the anonymization process is complete. When the job status is HANDLED, the system updates the archived data immediately.

            • Searches that use the original PII like an email address return no results.
            • Searches that use non-sensitive identifiers like a record ID return the anonymized record.
            • When you view the record via Search, Export, or Unarchive, PII fields show placeholder values.
            Field Original Value Anonymized Value
            Name Mickey Mouse redacted_first_name
            Email mickey.mouse@example.com redacted@example.com
            Phone +1-415-555-1234 000-000-0000
            ContactId 003XX0000123AbC 003XX0000123AbC
             
            Loading
            Salesforce Help | Article