Settings > Data Compliance is where you handle GDPR/CCPA data requests. It has three tabs: Data Exports, Deletion Requests, and Account.
Data Exports
Use this tab to produce a data export for a subject-access ("show me everything you have on me") request. Choose the GDPR Subject Access Request export type, and Tormano assembles a downloadable file of that contact's data. Completed exports are listed in the Export History on the same tab.
Deletion Requests
For a right-to-be-forgotten request, open Deletion Requests > New Deletion Request, find the contact, and pick a deletion type:
- Anonymize — strip identifying details but keep aggregate/statistical records.
- Contact Erasure — remove the contact and their PII.
- Full Deletion — remove the contact and its associated data.
Each request is written to the immutable audit trail. Erasure is intentionally irreversible — this is different from the everyday soft delete on a record, which is recoverable.
Account
The Account tab is the danger zone for deleting your entire organization and all of its data (GDPR right to erasure at the org level). Deletion is scheduled with a 30-day grace period during which you can cancel it from this page; after the grace window it is permanent. Owner/admin only.
What this page is not
There is no "Deleted Records" restore screen here, and no "Retention", "Erasure Requests", or "Access Requests" tabs. Recovering an individually soft-deleted record is done through support (see "Deleting and recovering contacts").