Export or delete your data (GDPR)

We support self-service data export (Article 20 - right to data portability) and self-service account deletion (Article 17 - right to erasure). Both flows are end-to-end without needing to contact support.

Export your data

Go to Settings → Data → Download My Data.

You receive a JSON file containing:

• Your account profile and preferences.
• Every organization you belong to.
• Activity logs scoped to your user.
• Work products you created (clients, projects, tasks, comments, attachments metadata).

Sensitive fields are redacted: session tokens, OAuth refresh tokens, password hashes, 2FA secrets, API key hashes. The export request itself is audit-logged.

Schedule deletion

Go to Settings → Data → Delete My Account.

Account deletion uses a 30-day grace period. During the grace period:

• A banner appears across the app showing the deletion date.
• You can sign in normally.
• You can cancel deletion from the same settings page (or the banner) with a single click.

After the grace period, a nightly cron job runs the anonymisation. We:

• NULL the foreign keys on rows you authored (so the work products remain in the workspace but are attributed to "Deleted user").
• Hard-delete your sessions, OAuth accounts, notifications, and push subscriptions.
• Replace your name and email with placeholder values.

This is irreversible.

Sole-owner blocker

If you're the sole owner of an organization with active members, deletion is blocked - you must first either transfer ownership or remove the other members. This protects the workspace from being orphaned.

Email opt-outs

Independent of account deletion, you can:

• Click "Unsubscribe" on any email - adds your address to our suppression list for non-essential mail.
• Granular opt-outs at Notifications → Preferences → Email Categories - separate toggles for product updates, billing nudges, and marketing.

Critical email (auth, billing, security) is sent regardless of opt-outs; this is required by law in most jurisdictions.