The Client ID by itself does not store any personally identifiable information. The ClientID is made up a one-way hash of the hardware fingerprint combined with software data path. The hash value itself is calculated on the client. In addition, when the ClientID is combined with the default data capture by the SDK the combination does not contain personally identifiable information.
If the software vendor, the data controller, has extended the Usage Intelligence configuration to collect personal data and an end user (or data subject) contacts the software vendor to request a copy of all data or request that the data be deleted the software vendor can comply by sending a request to Revulytics that data be deleted on specific Client IDs.