GA4 supports user deletion requests, but the operational scope is wider than one API call. You may need to identify multiple user identifiers, remove data from exported systems separately, and coordinate with privacy or legal teams on the process that applies to your business.
What GA4 data deletion actually covers
GA4 provides aUser Deletion APIthat accepts a User-ID or Client-ID and schedules that user's data for removal from GA4 reporting. The deletion is not immediate. Google states it can take up to 63 days for data to be fully removed from all storage systems, including backups. Treat deletion as one part of broaderGDPR compliance for GA4, not as a standalone control.
Critically, the GA4 deletion API only covers data stored in Google Analytics. If you have exported GA4 data toBigQuery, you must delete the relevant rows from your BigQuery dataset separately. If you have usedserver-side tagging or the Measurement Protocolto send custom user data, that data may also exist in other systems you operate. UK-based properties also need to align this withUK PEC regulations.
Identifiers GA4 can delete
The GA4 User Deletion API accepts three types of identifiers: Client ID (the_gacookie value), User ID (if you implemented User-ID tracking), and App Instance ID (for Firebase/mobile). You must know which identifier(s) are associated with the requesting user in order to submit the deletion request.
If you do not store Client IDs in your own database, you may be unable to identify the correct GA4 identifier for a given user. This is a common gap that should be addressed in your data architecture before you receive a deletion request, not after. Deletion windows interact with how long GA4 keeps user-level analysis data in the first place, so review yourGA4 data retention settingsalongside this process.
Receive and log the request
Record the request date, requester identity, and the identifier type they provide (email, account ID, etc.).
Identify GA4 identifiers
Look up the Client ID and/or User ID associated with the requesting user in your CRM, database, or authentication system. If you do not store the identifier you need, document that limitation and escalate it through your privacy process.
Submit GA4 user deletion API request
Use the GA4 User Deletion API (v1beta) with the identified Client ID or User ID. The API requires OAuth2 authentication with the analytics.user.deletion scope.
Delete from BigQuery
If GA4 data is exported to BigQuery, run DELETE queries across all event tables for the user's pseudo_user_id or user_id. Partition pruning is critical for performance on large datasets.
Delete from other downstream systems
Audit any other systems that received GA4 data: data warehouses, BI tools, marketing platforms, or backups. Each must be handled separately.
Confirm and respond to the user
Confirm internally that the deletion workflow was completed and use your approved privacy process for any customer-facing response.
GDPR erasure request compliance checklist
- Process exists to receive and log erasure requests
- Client IDs stored in your own database for lookup
- GA4 User Deletion API integrated or documented
- BigQuery deletion procedure documented and tested
- Response sent to user within 30-day window
- Deletion confirmed across all downstream systems
- Deletion activity logged in data processing records
- Backup deletion procedure documented
Data deletion compliance action plan
Validate
- Confirm Client IDs are stored in your user database at registration or first session
- Verify the GA4 User Deletion API is accessible with valid OAuth2 credentials
- Check whether GA4-to-BigQuery export is active and which tables contain user-level data
- Confirm a documented procedure exists for handling deletion requests end-to-end
Fix
- Add Client ID capture to your registration/login flow and store against the user record
- Implement or document the GA4 User Deletion API call process
- Write and test BigQuery DELETE queries for pseudo_user_id across event tables
- Create an internal deletion-request SOP with ownership, approvals, and escalation points
Watch for
- Erasure requests received with no linked Client ID in your system
- BigQuery event tables containing user email or other PII not covered by GA4 deletion
- Retention settings or export practices that do not match your documented privacy controls
- <strong>Measurement Protocol</strong> events containing raw email addresses sent to GA4
Related guides to read next
GDPR and GA4 Compliance
Full overview of GDPR obligations for GA4 implementations, from consent to data processing agreements.
Consent Mode: Analytics vs Ads
How Consent Mode v2 affects data collection and what you lose without it.
GA4 Data Hygiene Audit
Identify and remove PII, spam, and low-quality data from your GA4 property.
Review deletion-process gaps before they become a live request problem
GA4Audits can help surface privacy-related analytics issues, but deletion workflows still need input from qualified privacy, engineering, and analytics owners.