Data & Privacy

Workestra takes data privacy seriously. This guide covers how to export your data, request deletion, and review audit logs.

Data & Privacy settings require Admin or Owner permissions.

Export all data associated with your workspace for compliance or backup purposes.

What Gets Exported

The export includes:

Data Type	Format	Contents
Contacts	CSV/JSON	All CRM contacts and companies
Deals	CSV/JSON	Pipeline data, activities, notes
Candidates	CSV/JSON	Recruiting data, applications
Tasks	CSV/JSON	Projects data, time tracking
Tickets	CSV/JSON	Support data, conversations
Invoices	PDF/CSV	Finance data, line items
Documents	Markdown	Knowledge Base documents
Users	CSV	Team member list (emails, roles)
Activity Log	CSV	Full audit trail

Requesting an Export

Navigate to Settings > Data & Privacy
Click Export Data
Select export format:
- Full Export — Everything in original formats
- GDPR Package — Structured for data portability
Click Request Export

Export Processing

Workspace Size	Processing Time
Small (< 1GB)	Minutes
Medium (1-10GB)	Hours
Large (> 10GB)	Up to 24 hours

You'll receive an email when the export is ready. The download link expires after 7 days.

Exports may contain sensitive data. Download securely and store appropriately.

Data Deletion Request

Request complete deletion of your workspace data.

Types of Deletion

Type	Scope	Use Case
Workspace Deletion	Entire workspace	Closing business, migrating
User Deletion	Specific user's data	GDPR right to be forgotten
Selective Deletion	Specific records	Data cleanup

Requesting Workspace Deletion

Go to Settings > Data & Privacy
Scroll to Danger Zone
Click Delete Workspace
Complete the verification steps:
- Confirm workspace name
- Enter Owner password
- State reason for deletion
Confirm

Deletion Timeline

Phase	Timeline	Status
Grace Period	30 days	Workspace marked for deletion, read-only
Soft Delete	30-60 days	Data hidden, recoverable by support
Hard Delete	60+ days	Permanent, irreversible deletion

This cannot be undone. After the grace period, your data is permanently deleted and cannot be recovered.

Individual User Deletion

For GDPR "Right to be Forgotten" requests:

Go to Settings > Team Members
Find the user
Click Remove
Select Permanently Delete Data
Confirm

The user's personal data is anonymized or deleted within 30 days.

Data Retention Policies

Active Workspaces

Data Type	Retention
Records	Until deleted by user
Activity Log	2 years
Deleted Records	30 days (recoverable)
Emails	Until account disconnects
Files/Attachments	Until deleted by user

Deleted/Cancelled Workspaces

Phase	Retention
Active cancellation	30 days full access
Read-only	30 days
Soft delete	30 days (support recoverable)
Hard delete	Permanent

Backups

Daily backups retained for 30 days
Backups are encrypted and geographically distributed
Backup restoration requires support contact

Audit Log

Track all significant actions in your workspace.

Viewing the Audit Log

Navigate to Settings > Data & Privacy
Click View Audit Log
Use filters to narrow results

Logged Events

The audit log captures 9 event types:

Event Type	Description	Example
user.login	User authentication	"john@example.com logged in from 192.168.1.1"
user.logout	Session termination	"Session ended for john@example.com"
user.invited	Team invitation sent	"Admin invited jane@example.com as Member"
user.role_changed	Permission modification	"john@example.com role changed from Member to Admin"
record.created	New record created	"Contact 'Acme Corp' created by john@example.com"
record.updated	Record modification	"Deal 'Enterprise License' updated by jane@example.com"
record.deleted	Record deletion	"Ticket #1234 deleted by admin"
settings.changed	Configuration change	"AI provider changed from OpenAI to Moonshot"
export.requested	Data export initiated	"GDPR export requested by owner"

Audit Log Details

Each log entry includes:

Timestamp — When the action occurred (UTC)
Actor — Who performed the action
Action — What was done
Target — What was affected
IP Address — Where the action originated
User Agent — Browser/device information

Filtering and Search

Filter the audit log by:

Date range — Specific time period
User — Actions by specific team member
Event type — Category of action
Resource — Specific record or module

Exporting Audit Logs

For compliance reporting:

Apply desired filters
Click Export
Choose format (CSV, JSON, PDF)
Download

Audit logs are retained for 2 years. Contact support if you need older logs.

Privacy Controls

Manage cookie settings:

Click the cookie icon in the footer
Adjust preferences:
- Essential — Required for the app to function (always on)
- Analytics — Helps us improve the product
- Marketing — Used for relevant communications
Save preferences

Do Not Track

Workestra respects browser Do Not Track settings for analytics cookies.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA):

Contact legal@workestra.app
Provide your company details
We'll send a signed DPA within 2 business days

Workestra helps you comply with GDPR:

Requirement	Workestra Feature
Right to Access	GDPR Data Export
Right to Rectification	Edit any record
Right to Erasure	Data Deletion Request
Right to Restrict Processing	Pause user account
Right to Portability	Structured data export
Right to Object	Opt-out of communications

Data Processing

Controller: Your organization (workspace Owner)
Processor: Workestra Inc.
Subprocessors: Listed in our DPA
Data Location: EU (Frankfurt) by default for EU workspaces

Security Certifications

Workestra maintains the following certifications:

SOC 2 Type II — Security and availability controls
GDPR Compliant — European data protection
CCPA Ready — California privacy rights

Reports available to Enterprise customers upon request.

Next Steps

Security Settings — Configure 2FA and sessions
Roles & Permissions — Control data access
Contact: privacy@workestra.app for privacy questions

Data & Privacy

On this page