DPDP / data export and erasure

How admins export tenant data + handle erasure requests.

The Digital Personal Data Protection Act (DPDP, India 2023) gives data principals (your users, your workers, your vendors) the right to access and erase their personal data.

Self-serve export

Admins can dump the whole tenant from Settings → Privacy → Export. Output is a single JSON file with every row keyed off the org, suitable for handing to an auditor or to a customer who's offboarding.

Per-user erasure

From the same page, search by email and hit Erase. We hard-delete the User row and tombstone references in audit logs (entityId stays for chain integrity, but PII is null).

Tenant-wide deletion

Cancellation → 90-day grace → hard-delete. Run via the support team for now; self-serve tenant deletion lands in a future release.

The audit log's SHA-256 hash chain stays intact across erasures so compliance review can prove no row was silently rewritten.

Anything missing here? Email support — include the URL and your firm name.