Q&A

GDPR compliance - where is form data stored and can we delete it

Dec 16

our legal team is asking about data residency and GDPR compliance for the forms we run. specifically: - where are form submissions stored geographically? - can we set up automatic data retention policies (delete after X days)? - is there a way to export and delete all data for a specific user (right to erasure)? - are submissions encrypted at rest? not trying to be paranoid but we collect PII through our forms and need to check these boxes. any info would be appreciated

𝕏 in

Comments (3)

Chris Hall · Dec 17

these are the same questions our compliance team asked. checking the docs and reaching out to support helped. from what i can tell data is encrypted at rest and they have DPA agreements available. for automatic deletion you can build a workflow that runs on a schedule and deletes records older than your retention period

Mike Wheeler · Dec 18

for right to erasure we built a workflow triggered by a form where the user enters their email. the workflow searches all tables for that email, exports the data, sends it to the user, then deletes the records. took a day to build but now its fully automated

Omar Hassan · Dec 19

the automated erasure workflow is clever. we need something similar for our CCPA compliance