Data Deletion Request: Frequently Asked Questions

About this FAQ

This page answers common questions about submitting a data deletion or erasure request to SSL.com under the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA), the LGPD, and similar privacy regulations. If your question is not answered here, contact our privacy team at privacy@ssl.com.

Submitting a request

How do I submit a data deletion request?

Email privacy@ssl.com or support@ssl.com and clearly state that you are requesting deletion of your personal data. You can also reach our privacy team through the live chat on ssl.com.

What information will you need to verify my identity?

To protect your account, we will ask you to confirm two of the following three identifiers:

• The email address associated with your SSL.com account

• Your Account ID

• An Order ID for any certificate purchased on the account

We do not accept the personalized display name on its own, and we do not verify identity by phone for deletion requests.

The process

What happens after I submit?

1. You receive an acknowledgment from our privacy team within 1 to 2 business days.

2. We ask you to confirm your identity using the identifiers above.

3. Once verified, we review the data we hold against our retention obligations.

4. We either complete the request or explain why we cannot at this time. You will receive a written response either way.

How long does the process take?

We aim to complete most requests within 5 business days of receipt. Some cases may take longer if technical or legal retention obligations apply, and we will keep you informed if that is the case.

What we can delete

What kinds of data does SSL.com hold about me?

Depending on your activity with us, we may hold certificate order information, identity verification records and supporting documents, and support correspondence.

Why might my request be denied?

As a publicly trusted Certificate Authority, SSL.com is required to retain certificate validation records and related data for a minimum of 2 years following certificate expiration or revocation. This obligation is established by the CA/Browser Forum Baseline Requirements and reflected in SSL.com‘s Certificate Policy and Certification Practice Statement (CP/CPS), sections 5.4.3 (Retention Period for Audit Log) and 5.5.2 (Retention Period for Archive).

If your account contains active certificates, or certificates that expired or were revoked within the past 2 years, we are required to retain your data until that retention window has elapsed. Once your certificates fall outside this retention window, your data will become eligible for deletion.

What if I believe my request was denied in error?

Reply to the response we send you and explain the circumstances. Our privacy team will escalate the case for further review.

Related rights

Can I request access to or correction of my data instead of deletion?

Yes. Requests to access or correct your personal data follow a separate workflow. Email privacy@ssl.com and clearly state which right you are exercising.

Special situations

What if I receive a notice about an SSL.com account I did not create?

Contact us immediately at privacy@ssl.com or support@ssl.com. This may indicate a security event that requires verification before we can act. The sooner we are aware, the sooner we can investigate.

What if I do not reply to your verification request?

We will send a follow-up after 7 days of no response. After 14 days with no reply, we will close the request. You can submit a new request at any time.

Contact

Privacy team: privacy@ssl.com