GDPR-Compliant Catalogs

This article describes how to make your FatStax catalogs GDPR-compliant.  Contact your Customer Success team for additional details. Please see our Privacy Policy for more details on the information we retain and process.

GDPR-Enabled Catalog Checkbox

Every catalog has a flag to mark it as a GDPR-enabled catalog. This flag is accessible on the Catalog settings page in CloudStax for administrators. Setting this flag will trigger an automated process that assesses every lead passed to the site from mobile devices.  A lead from FatStax is when content is sent to a prospect's email address. Deciding to flag a catalog as GDPR is the decision of the company administrator. FatStax does not have the necessary information to make those decisions.

Anonymizing Prospect's Personal Information

An automated anonymization process will identify those leads not marked as Opt In. Email, Name, Phone are the primary fields whose content will be Redacted for those leads. The anonymization process will permanently change records within the database. There is no recovery option. This will also remove the information on all reporting screens and report exports. The events with the Redacted fields will still show anonymized events type and item details without contact information. Contact information on Sent Stacks will also be redacted and not available to view for administrators or users.

Device-based Opt-in

Administrators will need to add a custom contact field to each catalog to show the OPT-IN selector on the Contact Popup on Device and publish the catalog to enable mobile and web users to see and utilize the field when sending an email.  Administrators can label the custom field as needed according to their own policies.

Customers are able to populate emails with FatStax information and contact information and send through their device's default email app with or without the OPT-IN selected. However, non-OPT-IN personal information will be REDACTED when passed to CloudStax servers.


Any catalogs with connectors to other systems, such as Salesforce or Hubspot, will prevent non Opt-in leads from prospects from being passed to those systems. Leads marked as Opt-In by the Customer will be processed as normal.

Request to be forgotten

FatStax will respond to requests to forget a prospect's personal data and prevent that data from being stored in the future. An individual's contact information will be placed on the server-based Blacklist to anonymize any future contact information matching the information on the Blacklist. Catalog administrators can add to the Blacklist which will then trigger the anonymization process. Contact us using the contact information listed in the Privacy Policy for more information or requests.  

Additional Considerations

  • The anonymization process will replace all personally-identifiable prospect contact information. There is no recovery.
  • GDPR-flagged catalogs have the same rules applied to any leads regardless of contact address or country. If you prefer to have separate Catalogs for non-GDPR regions, then please contact our Customer Success team.

Future Updates

FatStax understands the importance of complying with and helping our customers comply with privacy regulations and will evolve the platform as our customers need.  Please contact us if you have specific questions or circumstances that are not covered by our stated policies.