Right to Erasure now extends across team activity records

What changed

When you exercise your Right to Erasure under GDPR Article 17, your own account data is removed in a cascading delete. But your email address can also appear in places you did not own — for example in a team owner's invite history, in records of administrative actions taken on your account, or in member-management entries on accounts you accepted invitations from. Those references are still personal data about you under Art. 4(1).

From today, when you exercise Article 17, your email is also removed from team-invite and admin-action records held by other accounts. The redaction happens at the same moment as your account deletion. Sibling fields on those records — the action name, the timestamp, role context — stay intact so the other account's audit trail remains complete for everything other than your identifier.

What stays

Financial records (invoices, refunds, subscription history) remain under the legal-obligation exception in Art. 17(3)(b) — Polish accounting law (Ustawa o rachunkowości, art. 74) requires us to retain those for five years. The user reference on those rows is set to null, but the row itself stays.

What this is part of

The Right to Erasure is one of several individual rights described on our Privacy Policy; our DPIA and DPA cover the related processing context, and the public Audit Hub tracks completed work.

For a free trial, no credit card required.