Confidential Dispatch

Data deletion request template (DPDP erasure request)

5 min readUpdated 2026-07-18
On this page
  1. 01What this template is (and when to use it)
  2. 02The template — copy and fill in
  3. 03How to fill it in
  4. 04What this template doesn’t cover
  5. 05FAQ
At a glance

This is a free, ready-to-fill request you can send to any company to erase your personal data under India’s DPDP Act. It covers what a valid request needs: who you are (with the identifier the company knows you by), what you want erased, consent withdrawal where that applies, a request for written confirmation, and the escalation route if they don’t act. Fill in the bracketed fields and send it to the company’s grievance or privacy contact.

Educational resource only. This provides a template for exercising the right to erasure under India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules; it is not formal legal advice.

The situation

Asking a company to delete your data sounds simple until you write the email: who do you address it to, what do you cite, and how do you stop them ignoring it? A vague “please delete my account” is easy to close as a support ticket without anything actually being erased. This template makes the request precise — the right recipient, the right identifiers, a clear scope, and the follow-through the company is obliged to respect.

What this template is (and when to use it)

The DPDP Act gives you the right to have personal data you consented to erased once it’s no longer needed — this template is the request that exercises it. The right to erasure (Section 12) covers personal data a company processes on the basis of your consent, including data you provided voluntarily for a purpose. Use this template when you’ve stopped using a service, want your data gone after a purpose ended, or simply want to withdraw consent and clear what a company holds. Companies must publish how to reach them for rights requests and which identifiers they need — look for the grievance or privacy contact in their app, site or privacy policy, and send this there.

And if you’re the business rather than the requester: this is the shape of request your own rights process must be ready to receive — the companion guide on building a rights-request process walks through handling it.

The template — copy and fill in

Copy everything below, replace the bracketed fields with your details, and delete any line that doesn’t apply to you.

Subject: Request for erasure of my personal data — [Your full name]

To: The Grievance Officer, [Company / service name]

I am a user of [service], identifiable in your records by [identifier].

1. Erasure request. Under Section 12 of the Digital Personal Data Protection Act, 2023, I request that you erase [scope of data].

2. Withdrawal of consent. To the extent your processing of my personal data relies on my consent, I withdraw that consent with effect from the date of this request.

3. Third parties. Please ensure this erasure also covers any processors or third parties holding my personal data on your behalf.

4. Retained data. If any law requires you to retain any part of my data, please state specifically what you are retaining and under which legal requirement.

5. Confirmation. Please confirm in writing once the erasure is complete, within your published response time. I understand the DPDP Rules require a response within 90 days at most.

If this request is not resolved, I will escalate it as a grievance and, if necessary, complain to the Data Protection Board of India.

[Your full name] [Date] [Contact email / phone]

How to fill it in

Every bracketed field does specific work — the identifiers get your request matched to a record, and the scope decides what actually gets erased. Send it from the email or number the company has on record where you can; that alone answers most identity-verification questions.

  • [Company / service name] — and its Grievance Officer
    • What it means: Companies must name a grievance contact; the request should go there, not to a general support inbox.
    • Examples: The “Grievance Officer” or “Grievance Redressal” contact in the app’s help section or the privacy policy page.
  • [identifier]
    • What it means: Whatever the company knows you by — companies are required to state which identifiers they need to locate your record, so match theirs.
    • Examples: Registered mobile number, account email, customer ID, order number.
  • [scope of data]
    • What it means: What you want erased — the wider the scope, the clearer you should state it.
    • Examples: “All personal data you hold about me”; “my KYC documents submitted for [purpose]”; “my delivery addresses and saved payment details.”
  • [Date]
    • What it means: The date you send it — this starts the clock you can hold them to.
    • Examples: The email’s send date; for a printed letter, the date of dispatch.

What this template doesn’t cover

A valid request doesn’t guarantee total erasure — and this template isn’t legal advice. A company may lawfully retain data that another law requires it to keep (tax records, KYC held under financial regulations) or that a court order covers — that’s exactly what point 4 makes them state rather than hide behind. The template also doesn’t cover correcting inaccurate data (a different request under the same Section), account deactivation mechanics inside an app, or complaints about a breach. If the company ignores or refuses the request without a lawful reason, the escalation path — its grievance process first, then the Data Protection Board of India — is a separate step this template only sets up.

FAQ

Can a company refuse to delete my data?

Only where a law requires it to retain the data, or a court order applies — and it should tell you specifically what it’s keeping and why. Outside those grounds, erasure of consent-based data once its purpose is served is your right, not a favour.

How long does the company have to respond?

The DPDP Rules cap responses to rights requests at 90 days, and many companies publish shorter timeframes. The clock argues for sending a dated, written request rather than raising it verbally.

What if I get no response?

Escalate through the company’s own grievance process first — the Act expects that step — and if it stays unresolved, complain to the Data Protection Board of India.

Is deleting my account the same as erasure?

Not necessarily. Account deletion removes your access; the company may still hold your data behind it. This request targets the data itself, which is why it asks for written confirmation of erasure.

Reviewed by Confidential Dispatch Editorial Team
Last updated 18 July 2026
Not legal advice.

Collecting personal data from your own customers?

These are the rights your business has to honour. See where you stand with a two-minute self-check — no sign-up, no data stored.

Run the compliance self-check →