Skip to content

GDPR Data Management

As of 25 May 2018, the European Union's General Data Protection Regulation (GDPR) will be the new primary law regulating how companies have to treat and protect the personal data of EU residents.

Retailers most likely store personal information about their visitors in their own systems. However, as Apptus eSales Enterprise manages behavioural data, it also makes a retailer's eSales implementation a part of a retailer being overall compliant with the new legislation.

Apptus eSales Enterprise and GDPR

The two most notable points for retailers regarding GDPR compliance when using Apptus eSales Enterprise are the following:

  • Never create and use customer keys based on personal information such as user names or email addresses.
  • Plan for how to manage and use the GDPR API to export, download, and remove behavioural data.

Personal data

Apptus eSales Enterprise primarily stores personal data in the form of the customerKey and the sessionKey of visitors, where the keys can be associated with clicks and purchases. A sessionKey can associate with multiple customerKey values.

IP-addresses are not stored persistently in eSales Enterprise. An address is only stored temporarily in the memory of an active eSales instance until a newer request from the same user agent is made, or if an instance is reset during an upgrade or reboot. A maximum of 1000 IP-addresses are stored simultaneously. For internal troubleshooting purposes, a customerKey and a sessionKey can be connected to an IP-address during the temporary storage of the IP-address.

The customerKey and sessionKey data are stored for 1 year and are then automatically removed by eSales. They can be removed earlier with the GDPR API and the Remove Customer Data end point. The automatic removal time can be configured to run at shorter or longer intervals. For more information about configuring automatic removal times, contact Apptus Support.


The GDPR API is part of the Apptus eSales Enterprise Web API. It is used to execute queries enabling functions supporting the Right to access, Right to portability, and the Right to be forgotten.

To be fully compliant with GDPR in regards to Apptus eSales Enterprise data, a retailer is likely to have to implement necessary functions for managing GDPR related requests from their visitors.

When executing queries with the GDPR API, basic HTTP authentication with eSales cluster credentials is required.

End points

More information

Please see the official GPDR homepage for more information regarding the European Union’s General Data Protection Regulation.

For more information regarding GDPR compliance with Apptus eSales without the Web API, please see Apptus Connector Docs for Java, .NET, or PHP.

To be GDPR compliant with regards to the Apptus eSales solution, information about data usage should be provided. A sample text for GDPR compliance to be published on a website using Apptus eSales Enterprise can be found below.

GDPR compliance sample text

Use of Apptus Technologies AB

This website uses Apptus eSales, an all-in-one AI-powered eCommerce optimisation 
solution from Apptus Technologies, Trollebergsvägen 5, 222 29 Lund, 
Sweden (Apptus).

The Apptus solution optimises our website to provide you as a customer with the 
best shopping experience possible. Apptus’ software, Apptus eSales, manages this 
by utilizing your actions on our webpage to be able to present you with the most 
relevant products based on your choices.

Apptus eSales collects pseudonymised information about your activity on our
website, processes it with algorithms and AI-technology and compares it with
what our other customers believe is of interest.

Go to to find more information about Apptus eSales and 
Apptus Technologies.

Last update: October 8, 2021
Back to top

This online publication is intellectual property of Apptus Technologies. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.

All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Apptus Technologies nor the authors shall be held liable for possible errors or the consequences thereof.

Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Apptus Technologies essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.