Settings > Data Compliance is where you handle GDPR/CCPA requests and configure data retention.
Right-to-be-forgotten (erasure)
When a contact requests deletion under GDPR or CCPA:
- Settings > Data Compliance > Erasure Requests > + New Request.
- Search for the contact, confirm.
- Tormano permanently purges the contact and all PII within 30 days (in practice, typically under 24 hours).
- Linked activities and deals/donations have the contact reference replaced with "Erased" — preserving aggregate metrics without exposing identity.
The action is logged in the immutable audit trail with a timestamp and the requesting party's reference.
Data subject access requests
For "show me everything you have on me" requests:
- Settings > Data Compliance > Access Requests > + New Request.
- Pick the contact.
- Tormano generates a downloadable ZIP with all their data: contact record, activities, donations, custom field values, audit history.
The export is encrypted and shareable for 7 days, then deleted.
Soft-delete recovery window
Default 30 days. Configurable in Settings > Data Compliance > Retention, down to a 7-day minimum. A shorter window reduces your data exposure but leaves less time to recover from accidental deletions.
Audit log retention
Default 7 years (US compliance standard). Configurable down to 1 year. Audit logs can be archived to cold storage at any age beyond your retention floor.
Encryption at rest
All sensitive fields (OAuth tokens, MFA secrets, API keys, e-signature access tokens) are encrypted with AES-256-GCM. Database backups are also encrypted. Key rotation is supported by swapping the key in the environment variable.
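Field-level encryption with versioned keys, as an added example that is not Tormano's code: a 32-byte key selects AES-256, GCM authenticates the ciphertext, and the key version stored in front of each blob is what makes a key swap workable without losing rows written under the previous key. The Keys map, Current, the blob layout and the record/field AAD are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Keys by version: Current seals new writes, older versions stay loaded so rows sealed
// under them still open. Demo keys are constructed; a deployment would load them from env vars.
var Keys = map[byte][]byte{1: []byte("demo-key-v1-0123456789abcdefghij"), 2: []byte("demo-key-v2-0123456789abcdefghij")}
var Current byte = 1

func gcmFor(v byte) cipher.AEAD {
	block, err := aes.NewCipher(Keys[v]) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // key length is validated at load, so this is a config bug, not a request error
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Seal encrypts one field as [version][12-byte nonce][ciphertext|tag]. The AAD
// binds the blob to its record and field, so a blob copied to another row fails to open.
func Seal(recordID, field string, plaintext []byte) ([]byte, error) {
	gcm := gcmFor(Current)
	nonce := make([]byte, gcm.NonceSize()) // fresh per write; never reused under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(append([]byte{Current}, nonce...), nonce, plaintext, []byte(recordID+"/"+field)), nil
}

// Open decrypts with whichever loaded key version the blob names.
func Open(recordID, field string, blob []byte) ([]byte, error) {
	if len(blob) < 13 || Keys[blob[0]] == nil {
		return nil, fmt.Errorf("malformed blob or unknown key version")
	}
	return gcmFor(blob[0]).Open(nil, blob[1:13], blob[13:], []byte(recordID+"/"+field))
}

// Rotate re-seals a row under Current: swapping the key variable alone leaves stored rows on the old key.
func Rotate(recordID, field string, blob []byte) ([]byte, error) {
	pt, err := Open(recordID, field, blob)
	if err != nil {
		return nil, err
	}
	return Seal(recordID, field, pt)
}
```

A rotation is finished only once every stored blob has been re-sealed; until then the previous key must stay loaded, or the rows still on it become unreadable.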