GDPR Deletion

This page describes how Entropy Data handles the deletion of personal data when a user is removed, which data is removed, which data is retained for audit purposes, and how this maps to the requirements of a GDPR deletion concept.

Scope of Deletion

When a user is deleted, Entropy Data removes the user's personal data together with the account. Shared content the user contributed to (data products, data contracts, policies, and so on) is preserved, and only the authorship and audit references on that content are retained for traceability.

What is deleted

When a user is removed from an organization, all of their data scoped to that organization is deleted:

Organization and team memberships
AI assistant conversations, summaries, and chat logs
Search assistant history
Saved filters
Data contract watches (subscriptions)
User-scoped API keys
In-progress Microsoft Fabric / Power BI OAuth flows

Once the user is no longer a member of any organization, the account itself and all remaining personal data is deleted:

User settings
Password reset and email verification tokens
Git credentials and data source connections owned by the user
Uploaded profile picture (avatar) images
Active login sessions
MCP authorizations and consents
The user record itself

What is retained

Audit fields (created_by, updated_by) on content and audit-trail tables
Activity history in Events (the principal field contains the user ID or email address)

SCIM Deprovisioning

SCIM deprovisioning via DELETE /api/scim/v2/Users/{userId} removes the user from the organization linked to the API key, deleting all of their data scoped to that organization. Once the user is no longer a member of any other organization, the account itself and all remaining personal data is deleted. Audit and activity data remain in place.

References:

Self-Service Deletion

There is currently no self-service option for users to delete their own profile. In enterprise deployments, user lifecycle is typically handled via SCIM or by organization administrators.