Data Privacy and GDPR

Data subject access requests

Under Settings then Data privacy then Export user data, enter a user's email. Rivolq compiles a JSON archive of profile data, their work orders, comments, audit entries, and attachments, delivered via a secure download link that expires in 7 days.

Erasure

Under Settings then Data privacy then Erase user data, the user record is deactivated and personal fields scrubbed to Erased User #N. Work orders, comments, and audit entries remain but are anonymized; attachments are deleted unless tied to in-flight regulatory or safety records. Erasure is irreversible and logged.

Retention and recycle bin

Active data is kept indefinitely, audit logs 90 days to 7 years by plan, deleted records 30 days, and attachments on closed items 5 years. The recycle bin under Settings then Data privacy lets you restore or permanently purge within 30 days.

DPA and trust

Rivolq executes a DPA with every customer at /dpa, covering processor obligations, subprocessors, data return, and breach notification. The public trust center is at /trust. Enterprise plans support field-level encryption with customer-managed keys.