Profile Operations
This page covers the major operations that can be performed on profiles: merging duplicates, importing and exporting data, GDPR compliance (forget and delete), bulk operations, and account state management.
Merge
When duplicate profiles exist, they can be merged into a single profile. The merge transfers data from a source profile into a target profile.
What Gets Merged
| Data | Merge Behavior |
|---|---|
| Roles (journeys) | Selected context roles copied from source to target |
| Applications | Selected applications transferred to target |
| Campaign reports | Redirected from source to target |
| Event responses | Updated to reference target profile |
| Form submissions | Migrated to target, email references updated |
| Activity stream | Entries reassigned to target |
| Emails sent | Recipient lists deduplicated and updated |
| Tasks | Reassigned (target, creator, assignee fields) |
| Policy agreements | Transferred to target |
| Custom fields | Selected fields copied by name |
Merge Options
When merging, you can choose:
- Whether to delete the source profile after merge
- Which custom fields to copy from the source
- Which context roles (journeys) to transfer
- Which applications to transfer
- Additional field updates to apply after the merge
Deletion Safeguards
The source profile can only be deleted if it has none of the following:
- Experience entries (contracts)
- File uploads
- Letters
- Payment plans
- Transactions
- Transcripts
- Offers
If any of these exist, the source profile is kept after merge.
Audit Trail
Every merge is recorded in the activity stream, including the source profile's details for reference.
Import
Profile imports allow bulk creation and update of profiles from external data files.
Import Process
- Upload — Staff uploads a data file (CSV or similar)
- Column mapping — System auto-guesses column-to-field mappings; staff reviews and adjusts
- Validation — Each row is validated against the schema
- Processing — Rows are processed in configurable chunks (default: 100)
- Reporting — Results show created/updated counts with error details
Import Features
| Feature | Description |
|---|---|
| Auto-mapping | Column headers matched against schema field names |
| Schema-aware | Only fields in the institution's schema are importable |
| Permission filtering | Fields filtered by the importing user's permissions |
| Contact mode | Option to create profiles with the contact role |
| Error grouping | Similar errors aggregated with counts for batch reporting |
| Row-level detail | Individual row failures and warnings tracked |
Export
Profile data can be exported based on segment queries or context filters.
Export Process
- Define audience — Select a segment or build a query
- Choose fields — Select which fields to include (defaults: name, email, tags, states)
- Generate — System resolves the segment, loads profiles, and builds the export
- Download — Export available as CSV or PDF
Export Features
| Feature | Description |
|---|---|
| Segment-based filtering | Uses the same segment engine as campaigns |
| Custom field selection | Choose which profile and custom fields to export |
| Permission-aware | Respects the exporting user's data access scope |
| PDF support | Exports can include institution branding and layout |
GDPR: Forget vs Delete
FullFabric provides two levels of profile removal to support GDPR compliance and institutional policies.
Delete
Soft deletion — the profile record is retained but flagged as deleted.
| Aspect | Behavior |
|---|---|
| Account state | Set to deleted |
| Timestamp | Deletion time recorded |
| Communications | Auto-unsubscribed (marketing policy set to all-disabled) |
| Addressability | Profile becomes unaddressable |
| Data | Profile data remains intact and queryable |
| Reversibility | Not reversible through standard operations |
Restrictions: Staff, admin, and lecturer profiles cannot be deleted.
Forget (GDPR Right to Erasure)
Soft deletion with anonymization — personal data is encrypted and replaced with anonymous placeholders.
| Aspect | Behavior |
|---|---|
| Account state | Set to forgotten |
| Timestamp | Forget time recorded |
| Journey roles | All class/course roles deleted |
| Communications | Auto-unsubscribed |
| Data encryption | Sensitive fields encrypted with a profile-specific AES-256-GCM key |
| Anonymization | Original values replaced with placeholders |
What Gets Anonymized
The anonymization process encrypts and replaces values across multiple entities:
| Entity | Anonymized Fields |
|---|---|
| Profile | Email, address, custom text fields |
| Applications | All schemable document fields |
| Form submissions | All schemable document fields |
| Event responses | Contact information |
| Campaign reports | Email addresses |
Anonymized values are replaced with clearly marked placeholders (e.g., "Deleted address", "Deleted First Name").
The original data is encrypted using a unique per-profile encryption key. This allows theoretical recovery if legally required, while ensuring the data is not accessible through normal platform operations.
Restrictions: Staff, admin, and lecturer profiles cannot be forgotten.
Bulk Operations
Several operations can be performed on groups of profiles at once.
Bulk Update
Updates a specific field across all profiles matching a segment or selection. Only fields with bulk update enabled can be updated this way.
Bulk Unsubscribe
Unsubscribes all profiles in a segment from marketing communications, disabling all communication channels.
Bulk Delete / Bulk Forget
Processes profile deletion or anonymization in batches:
| Aspect | Detail |
|---|---|
| Batch size | 50 profiles per batch |
| Scope | Only prospect, applicant, student, alumnus, and contact roles |
| Processing | Processed in the background until all profiles are handled |
| Completion | Requesting user receives an email with final stats |
| Stats tracked | Total, ignored (staff/admin), and processed counts |
Account State Management
Profile account states control authentication and platform access. State changes are managed through dedicated operations.
Activate
Transitions the user role from inactive or suspended to active.
| Aspect | Behavior |
|---|---|
| Timestamp | Activation time recorded |
| Automation | Triggers profile activated automation event |
| Restriction | Cannot activate support staff through this operation |
Suspend
Temporarily blocks the account.
| Aspect | Behavior |
|---|---|
| Timestamp | Suspension time recorded |
| Session | Current session token invalidated — forces re-authentication |
| Addressability | Profile becomes unaddressable |
| Automation | Triggers profile suspended automation event |
| Restriction | Cannot suspend support staff |
Inactivate
Downgrades an active account back to inactive status.
| Aspect | Behavior |
|---|---|
| Timestamp | Activation time cleared |
| Automation | Triggers profile deactivated automation event |
State Transition Summary
| From | To | Operation | Reversible |
|---|---|---|---|
| Inactive | Active | Activate | Yes |
| Active | Suspended | Suspend | Yes |
| Suspended | Active | Activate | Yes |
| Active | Inactive | Inactivate | Yes |
| Active / Inactive | Deleted | Delete | No |
| Active / Inactive | Forgotten | Forget | No |
Automation Events
All profile operations trigger automation events that can be used in workflows:
| Event | Trigger |
|---|---|
| Profile created | A new profile is created |
| Profile activated | Account activated |
| Profile deactivated | Account inactivated |
| Profile suspended | Account suspended |
| Profile deleted | Account deleted |
| Profile forgotten | Account forgotten (GDPR) |
| Role added | Role added to a context |
| Role removed | Role removed from a context |
| Role changed | Role state changed |
| Role withdrawn | Role withdrawn from a context |