Skip to main content

// Last updated: 16 June 2026

Data deletion.

How to request deletion of any personal information Nathan Schram Digital holds about you. Plain English, clear timelines.

Overview

You can ask us to delete personal information we hold about you at any time. This page explains how, what happens after you ask, and where you fit in depending on your relationship with us.

Full context on what we collect, why, and how it's handled is in our privacy policy. The contractual relationship behind it is set out in our Terms of Service. This page focuses on one thing: how you exercise your right to erasure.

Who this applies to

Which path applies depends on how your data reached us:

  • Prospects and clients — you emailed us, booked a call, filled in a form, or engaged us for consulting work. We hold your business contact details and correspondence.
  • End users of a client's website or app — you visited or interacted with a site operated by one of our clients. Some of that interaction data may flow to our analytics warehouse while we work for that client.
  • Facebook or Instagram users — you interacted with a Facebook Page, Instagram Business account, or ad campaign operated by one of our clients, and that interaction data was accessed by us through Meta's Graph API under a partner-access grant from the client.
  • LinkedIn users — your interaction data, conversion data, or Lead Gen Form submissions appear in advertising campaigns we manage on behalf of a client.
  • Google platform users — you interacted with a client's website, Google Ads campaign, or Google Business Profile listing, and that interaction data reached us through Google Analytics, Google Ads, Search Console, or the Business Profile API under access the client granted.
  • TikTok users — you interacted with a TikTok ad or a TikTok Business Account operated by one of our clients, and that interaction data was accessed by us through TikTok's Marketing or Organic APIs under a Business Center partner-access grant from the client.

How to request deletion

Send us an email

Email privacy@nathanschram.com with the subject line "Data deletion request". Include enough detail for us to find your data:

  • If you're a prospect or client: your name, the email address you've used with us, and (optionally) the name of the engagement.
  • If you're an end user of a client's site or app: the name or URL of the client's site, the approximate date range you interacted with it, and any identifier you have (email, account username, order number). Where possible, it's faster to contact the client directly first — they're the data controller, and they'll usually ask us to action deletion alongside their own records.
  • If you're a Facebook or Instagram user: the Facebook Page name, Instagram handle, or business whose ads you interacted with, plus your Facebook user ID if you have it (how to find your Facebook user ID). We'll locate any data held about you in our analytics warehouse and custom audiences, and pass your request to the client as the primary controller.
  • If you're a LinkedIn user: the LinkedIn Company Page name or business whose ads you interacted with, your LinkedIn member URL or member ID if you have it, and any Lead Gen Form submission ID if you submitted one. We'll locate any data held about you in our analytics warehouse and custom audience exports, and pass your request to the client as the primary controller.
  • If you're a Google platform user: the name or URL of the client's site or their Google Business Profile listing, the approximate date range, and any identifier you have. We'll locate any data held about you in our analytics warehouse and Customer Match audiences, and pass your request to the client as the primary controller.
  • If you're a TikTok user: the TikTok Business Account handle, or the business whose ads you interacted with, the approximate date range, and any identifier you have. We'll locate any data held about you in our analytics warehouse and pass your request to the client as the primary controller.

We don't require a form

There's no portal, no template, no account to sign up for. A plain email is enough. If the detail we need to locate your data isn't in the first message, we'll reply asking for what's missing.

Identity verification

We may ask you to verify your identity before actioning the request — for example, by replying from an email address we already have on file, or by confirming a detail only you would know. This protects you from someone else requesting your data be deleted.

Timeline

  • Acknowledgment: within 5 business days of receiving your request.
  • Live-system deletion: within 30 days of acknowledgment. Your data is removed from our active analytics warehouse, contact records, correspondence stores, and any running Meta custom audiences.
  • Backup deletion: within 90 days. We hold rolling daily backups for operational resilience; your data ages out of the backup window within 90 days of live deletion. Backups are not read or queried — they exist only for disaster recovery.
  • Written confirmation: we'll send you a final email once deletion is complete, noting what was removed and any data we were legally required to retain.

What gets deleted

Depending on your relationship with us, this can include:

  • Email correspondence (inbound and outbound) in our mailbox.
  • CRM / contact records (name, business name, email, phone).
  • Booking and call-scheduling records.
  • Any rows in our analytics warehouse that reference you directly — for example, a hashed user ID matched to a Meta custom audience entry, a pixel event tied to your browser, or a GA4 user-property value.
  • Your membership in any Meta custom audience we manage on a client's behalf.
  • Any screenshots, reports, or exports we've generated that include your data.

What can't be deleted

Some data must be retained for legal or operational reasons. We'll always tell you specifically what falls into this category when we confirm your deletion. The usual categories are:

  • Tax and accounting records — invoices, receipts, and associated correspondence, retained for 7 years under Australian tax law (ATO record-keeping requirements).
  • Legal and compliance records — data we're required to hold under a subpoena, court order, regulatory request, or active dispute.
  • Aggregate, anonymised analytics — counts and totals that no longer identify you individually (e.g. "123 visitors came from Sydney in March"). This data is already de-identified and doesn't fall under deletion rights.
  • Data held by the client, not us — we process some data on behalf of clients who are the primary data controllers. If the data lives in the client's Meta Business Portfolio, Google Analytics property, CRM, or email system, deletion must be actioned on the client's side. We'll pass your request to them and support the flow from our end, but we can't delete data we don't hold. The split between data we hold and data the client controls is described in our Terms of Service §3.

A note for Facebook and Instagram users

We access Meta platform data (Facebook Page insights, Instagram Business insights, Ads Manager performance, custom audiences, pixel events) only under a partner-access grant from one of our clients — we don't collect it directly from you, and we don't have a direct commercial relationship with you. When you send us a deletion request:

  1. We locate any entries in our analytics warehouse that reference your Facebook user ID or a hashed identifier matched to you, and delete them within the timeline above.
  2. We remove you from any Meta custom audience we manage on a client's behalf, via Meta's standard remove user Graph API call.
  3. We notify the client that a deletion request was actioned on their asset, so they can review their own records and audit logs.
  4. Where the underlying data lives in the client's own Meta Business Portfolio (most Page insights, ad-level data, message threads), we forward your request to the client as the primary controller.

You can also manage your Facebook and Instagram data directly with Meta at Meta's own data deletion request form — that route doesn't involve us at all, and is appropriate if you want Meta itself to action deletion across its platform.

Clients revoking via Facebook Business Settings

If you remove the NSD Content Feed app from your Meta Business Settings, your access tokens are immediately invalidated by Meta — our automated jobs stop fetching content from your account on their next scheduled run.

Within 7 business days, NSD will:

  • Delete the invalidated tokens from our secrets manager.
  • Confirm token removal via email to your registered contact.

The post images, captions, and permalinks already written to your website's repository remain in place (these are your property in your repository). If you also want those removed, please ask via privacy@nathanschram.com and we will commit a reset to placeholder content in the next cron run.

A note for LinkedIn users

If you have interacted with a LinkedIn ad we manage on behalf of a client, or submitted a LinkedIn Lead Gen Form connected to one of our managed campaigns, the personal data involved is owned and controlled by the client (the advertiser). We act as a processor.

When we receive a deletion request from a LinkedIn user:

  1. We locate any rows in our analytics warehouse keyed by your LinkedIn member identifier or by Lead Gen Form submission ID.
  2. We delete those rows and remove you from any custom audience exports that have already been pushed to LinkedIn Campaign Manager via the Marketing API.
  3. We notify the relevant client and forward your request to them as the primary controller of the data.
  4. We log the deletion in our audit trail.

You can also submit a deletion request directly to LinkedIn via LinkedIn's data request process, or revoke any specific consent you previously granted via the advertiser's own preferences flow.

The same 5 / 30 / 90 day timelines described above apply.

A note for Google platform users

We access Google platform data (Google Analytics 4, Google Ads, Search Console, Tag Manager, and Google Business Profile) only under access a client has granted us — we don't collect it directly from you, and we don't have a direct commercial relationship with you. The client is the primary data controller; we act as a processor. When you send us a deletion request:

  1. We locate any rows in our analytics warehouse keyed to you — for example, a GA4 user identifier, a hashed Customer Match entry, or a conversion record tied to your interaction — and delete them within the timeline above.
  2. We remove you from any Google Ads Customer Match audience we manage on a client's behalf.
  3. We notify the relevant client and forward your request to them as the primary controller, since most underlying data (GA4 property data, Ads account data, Business Profile reviews and messages) lives in the client's own Google account.
  4. We log the deletion in our audit trail.

You can also manage your data with Google directly: review and delete your own activity at myactivity.google.com, and use Google's account-level controls for Analytics and Ads personalisation. If your request concerns a Google Business Profile review or message you left for a client, you can edit or delete it from your own Google account, which removes it at the source.

The same 5 / 30 / 90 day timelines described above apply.

A note for TikTok users

We access TikTok platform data (TikTok ad performance, and TikTok Business Account and video insights) only under a Business Center partner-access grant from one of our clients — we don't collect it directly from you, and we don't have a direct commercial relationship with you. Our access is read-only: we read performance and insights data for reporting; we do not run a TikTok Pixel, send conversion events, or build or upload custom audiences. The client is the primary data controller; we act as a processor. When you send us a deletion request:

  1. We locate any rows in our analytics warehouse that reference your TikTok identifier and delete them within the timeline above.
  2. We notify the relevant client and forward your request to them as the primary controller, since the underlying data (ad-level data, account and video insights) lives in the client's own TikTok Business Center and ad accounts.
  3. We log the deletion in our audit trail.

You can also manage your data directly with TikTok via TikTok's own privacy and data-request settings. Because our TikTok integration is read-only reporting, there are no TikTok custom audiences held by us to remove (unlike our Meta / LinkedIn / Google integrations).

The same 5 / 30 / 90 day timelines described above apply.

If you're not satisfied

If we decline to action a request, or if you believe we haven't completed one properly, you can:

  1. Reply to our confirmation email explaining what's still outstanding — we'll investigate and respond within 30 days.
  2. Escalate to the relevant data protection authority:

Contact


For anything this page doesn't cover, the privacy policy is the source of truth on data handling, and our Terms of Service governs the contractual relationship. If anything is unclear, or you'd like us to walk you through a specific scenario, get in touch — we're happy to help.

// Other legal

// Last updated: 16 June 2026 · Get in touch →