# Data Privacy

**URL:** https://heroiclabs.com/docs/nakama/getting-started/data-privacy/
**Summary:** The latest Nakama release and include features, improvements, and fixes.
**Keywords:** GDPR, privacy, user data
**Categories:** nakama, data-privacy, getting-started

---


# User Data Privacy

{{< note "error" "Warning!" >}}
The contents of this page are informational only and **do not** constitute legal advice.

Seek independent legal advice to understand your respective data protection obligations under the [GDPR](https://gdpr.eu/) or other applicable legislation.
{{< / note >}}

Depending on where your application servers and user base are located, it is likely there is an applicable data protection law in place, such as the European Union's General Data Protection Regulation (GDPR).

Either you as the developer, or your application itself, should be prepared to handle user requests under the applicable legislation. Some typical requests under such laws include:

- **Right to data**: Giving the user access to / copies of their data
- **Right to be forgotten**: Deleting the user's data upon their request

Nakama provides two options for addressing such requests: via the [Nakama Console](../console/) or functions in the [server runtime](../../server-framework/).

## Nakama Console

From the Console [Players](../console/#players) page you can find the corresponding ID for the user making the data request.

For _right to data_ requests, you can perform an _Export_ of all data for that user and share the resulting export via any desired medium.

For _right to be forgotten_ requests, you can delete all data corresponding to any particular user. A _recorded delete_ is recommended, recording the ID of the user so that it can be deleted once again in the event a data recovery from earlier backups is performed.

## Runtime functions

Where the Console method of handling user data requests is only available to internal administrators of your application, the functions exposed in the server runtime can be integrated directly into your application's UI. This enables users to obtain or delete their own data directly.

For _right to data_ requests the corresponding function is **[accountExportId](../../server-framework/typescript-runtime/function-reference/#accountExportId)**.

For _right to be forgotten_ requests the corresponding function is **[accountDeleteId](../../server-framework/typescript-runtime/function-reference/#accountDeleteId)**. Setting the `recorded` parameter to `true` is recommended, recording the ID of the user so that it can be deleted once again in the event a data recovery from earlier backups is performed.