HomeHelp CenterSettings & Administration

Data compliance (GDPR, CCPA)

Data exports, deletion requests, and account deletion.

3 min read · Updated Jul 4, 2026

Settings > Data Compliance is where you handle GDPR/CCPA data requests. It has three tabs: Data Exports, Deletion Requests, and Account.

Data Exports

Use this tab to produce a data export for a subject-access ("show me everything you have on me") request. Choose the GDPR Subject Access Request export type, and Tormano assembles a downloadable file of that contact's data. Completed exports are listed in the Export History on the same tab.

Deletion Requests

For a right-to-be-forgotten request, open Deletion Requests > New Deletion Request, find the contact, and pick a deletion type:

  • Anonymize — strip identifying details but keep aggregate/statistical records.
  • Contact Erasure — remove the contact and their PII.
  • Full Deletion — remove the contact and its associated data.

Each request is written to the immutable audit trail. Erasure is intentionally irreversible — this is different from the everyday soft delete on a record, which is recoverable.

Account

The Account tab is the danger zone for deleting your entire organization and all of its data (GDPR right to erasure at the org level). Deletion is scheduled with a 30-day grace period during which you can cancel it from this page; after the grace window it is permanent. Owner/admin only.

What this page is not

There is no "Deleted Records" restore screen here, and no "Retention", "Erasure Requests", or "Access Requests" tabs. Recovering an individually soft-deleted record is done through support (see "Deleting and recovering contacts").