GDPR compliance

Data exports, account deletion, audit trails, and data residency — everything you need for full GDPR compliance.

  1. 1 Request a data export

    Export all workspace data: tickets, documents, comments, audit trail, and attachments. Exports are packaged as a downloadable archive.

    // Create a full data export create_gdpr_job: { "workspace_id": "...", "type": "data_export", "requested_by": "user@example.com" }

  2. 2 Delete an account

    Remove a user's personal data from all workspaces. Account deletion has a 30-day grace period, after which the deletion is permanent and irreversible.

    // Request account deletion create_gdpr_job: { "workspace_id": "...", "type": "account_deletion", "requested_by": "user@example.com" }

  3. 3 Delete a workspace

    Permanently delete an entire workspace and all its data. Like account deletion, workspace deletion has a 30-day grace period before the data is permanently removed.

  4. 4 Review the audit trail

    Every action in Kera is logged with the actor, timestamp, and full details. The audit trail is immutable — it cannot be edited or deleted. Use it to demonstrate compliance and investigate incidents.

  5. 5 Data residency

    All data is hosted in the EU by default. For organizations that need full control over data location, self-host Kera on your own infrastructure.

  6. 6 Fulfill access requests (DSAR)

    Use the data export to fulfill Data Subject Access Requests. The export includes all personal data associated with the requesting user.

    // Check export job status get_gdpr_job: { "workspace_id": "...", "job_id": "..." }

Timelines

  • Data exports — complete within minutes depending on workspace size.
  • Account deletion — 30-day grace period, then permanent. Can be cancelled during the grace period.
  • Workspace deletion — 30-day grace period, then permanent. Can be cancelled during the grace period.
  • All GDPR operations are logged in the audit trail for compliance records.

Next steps