Data deletion.

Overview

Who this applies to

Which path applies depends on how your data reached us:

• Prospects and clients — you emailed us, booked a call, filled in a form, or engaged us for consulting work. We hold your business contact details and correspondence.
• End users of a client's website or app — you visited or interacted with a site operated by one of our clients. Some of that interaction data may flow to our analytics warehouse while we work for that client.
• Facebook or Instagram users — you interacted with a Facebook Page, Instagram Business account, or ad campaign operated by one of our clients, and that interaction data was accessed by us through Meta's Graph API under a partner-access grant from the client.
• LinkedIn users — your interaction data, conversion data, or Lead Gen Form submissions appear in advertising campaigns we manage on behalf of a client.

How to request deletion

Send us an email

Email privacy@nathanschram.com with the subject line "Data deletion request". Include enough detail for us to find your data:

• If you're a prospect or client: your name, the email address you've used with us, and (optionally) the name of the engagement.
• If you're an end user of a client's site or app: the name or URL of the client's site, the approximate date range you interacted with it, and any identifier you have (email, account username, order number). Where possible, it's faster to contact the client directly first — they're the data controller, and they'll usually ask us to action deletion alongside their own records.
• If you're a Facebook or Instagram user: the Facebook Page name, Instagram handle, or business whose ads you interacted with, plus your Facebook user ID if you have it (how to find your Facebook user ID). We'll locate any data held about you in our analytics warehouse and custom audiences, and pass your request to the client as the primary controller.
• If you're a LinkedIn user: the LinkedIn Company Page name or business whose ads you interacted with, your LinkedIn member URL or member ID if you have it, and any Lead Gen Form submission ID if you submitted one. We'll locate any data held about you in our analytics warehouse and custom audience exports, and pass your request to the client as the primary controller.

We don't require a form

There's no portal, no template, no account to sign up for. A plain email is enough. If the detail we need to locate your data isn't in the first message, we'll reply asking for what's missing.

Identity verification

We may ask you to verify your identity before actioning the request — for example, by replying from an email address we already have on file, or by confirming a detail only you would know. This protects you from someone else requesting your data be deleted.

Timeline

• Acknowledgment: within 5 business days of receiving your request.
• Live-system deletion: within 30 days of acknowledgment. Your data is removed from our active analytics warehouse, contact records, correspondence stores, and any running Meta custom audiences.
• Backup deletion: within 90 days. We hold rolling daily backups for operational resilience; your data ages out of the backup window within 90 days of live deletion. Backups are not read or queried — they exist only for disaster recovery.
• Written confirmation: we'll send you a final email once deletion is complete, noting what was removed and any data we were legally required to retain.

What gets deleted

Depending on your relationship with us, this can include:

• Email correspondence (inbound and outbound) in our mailbox.
• CRM / contact records (name, business name, email, phone).
• Booking and call-scheduling records.
• Any rows in our analytics warehouse that reference you directly — for example, a hashed user ID matched to a Meta custom audience entry, a pixel event tied to your browser, or a GA4 user-property value.
• Your membership in any Meta custom audience we manage on a client's behalf.
• Any screenshots, reports, or exports we've generated that include your data.

What can't be deleted

Some data must be retained for legal or operational reasons. We'll always tell you specifically what falls into this category when we confirm your deletion. The usual categories are:

• Tax and accounting records — invoices, receipts, and associated correspondence, retained for 7 years under Australian tax law (ATO record-keeping requirements).
• Legal and compliance records — data we're required to hold under a subpoena, court order, regulatory request, or active dispute.
• Aggregate, anonymised analytics — counts and totals that no longer identify you individually (e.g. "123 visitors came from Sydney in March"). This data is already de-identified and doesn't fall under deletion rights.
• Data held by the client, not us — we process some data on behalf of clients who are the primary data controllers. If the data lives in the client's Meta Business Portfolio, Google Analytics property, CRM, or email system, deletion must be actioned on the client's side. We'll pass your request to them and support the flow from our end, but we can't delete data we don't hold. The split between data we hold and data the client controls is described in our Terms of Service §3.

A note for Facebook and Instagram users

We access Meta platform data (Facebook Page insights, Instagram Business insights, Ads Manager performance, custom audiences, pixel events) only under a partner-access grant from one of our clients — we don't collect it directly from you, and we don't have a direct commercial relationship with you. When you send us a deletion request:

1. We locate any entries in our analytics warehouse that reference your Facebook user ID or a hashed identifier matched to you, and delete them within the timeline above.
2. We remove you from any Meta custom audience we manage on a client's behalf, via Meta's standard remove user Graph API call.
3. We notify the client that a deletion request was actioned on their asset, so they can review their own records and audit logs.
4. Where the underlying data lives in the client's own Meta Business Portfolio (most Page insights, ad-level data, message threads), we forward your request to the client as the primary controller.

You can also manage your Facebook and Instagram data directly with Meta at Meta's own data deletion request form — that route doesn't involve us at all, and is appropriate if you want Meta itself to action deletion across its platform.

A note for LinkedIn users

If you have interacted with a LinkedIn ad we manage on behalf of a client, or submitted a LinkedIn Lead Gen Form connected to one of our managed campaigns, the personal data involved is owned and controlled by the client (the advertiser). We act as a processor.

When we receive a deletion request from a LinkedIn user:

1. We locate any rows in our analytics warehouse keyed by your LinkedIn member identifier or by Lead Gen Form submission ID.
2. We delete those rows and remove you from any custom audience exports that have already been pushed to LinkedIn Campaign Manager via the Marketing API.
3. We notify the relevant client and forward your request to them as the primary controller of the data.
4. We log the deletion in our audit trail.

You can also submit a deletion request directly to LinkedIn via LinkedIn's data request process, or revoke any specific consent you previously granted via the advertiser's own preferences flow.

The same 5 / 30 / 90 day timelines described above apply.

If you're not satisfied

If we decline to action a request, or if you believe we haven't completed one properly, you can:

1. Reply to our confirmation email explaining what's still outstanding — we'll investigate and respond within 30 days.
2. Escalate to the relevant data protection authority:
   • Australia: Office of the Australian Information Commissioner (OAIC) — 1300 363 992.
   • EU: your local data protection authority (list at edpb.europa.eu).
   • UK: Information Commissioner's Office (ICO).

Contact

• Email: privacy@nathanschram.com
• Post: Nathan Schram Digital, PO Box 5, Abbotsford VIC 3067, Australia

For anything this page doesn't cover, the privacy policy is the source of truth on data handling, and our Terms of Service governs the contractual relationship. If anything is unclear, or you'd like us to walk you through a specific scenario, get in touch — we're happy to help.