ThatApp supports GDPR right-to-erasure (right to be forgotten) requests. This article covers what gets deleted, what is retained, and how to submit a request.
Processing an erasure request
When you receive a right-to-erasure request from an individual whose data is in your lake:
Tell AVA: "I need to process a GDPR erasure request for [name or identifier]."
AVA will search your lake for all records containing that individual's identifying information.
AVA will show you a list of all records found, across all connected platforms.
Review the list. Confirm the erasure.
ThatApp will remove the individual's personal data from the lake. Records that reference this person but contain other non-personal data may be retained in an anonymized form, depending on your configuration.
What is erased
- The individual's personal data fields (name, email, phone, address)
- Comments authored by or about the individual that contain personal data
- File attachments uploaded by the individual
What is retained
- Audit log entries recording that an erasure was performed (without the erased data)
- Financial transaction records (invoices, payments) where retention is legally required
- Anonymized record structures where the personal data has been removed
After erasure
ThatApp provides an erasure confirmation report you can retain for compliance purposes. The report records what was erased, when, and which platforms were affected — without reproducing the erased data.
Data in connected platforms
ThatApp can erase data from your lake, but the source platforms (Podio, Salesforce, etc.) are separate systems you manage. Erasure from the ThatApp lake does not delete data from those platforms. You must process the erasure in each source platform separately.
Related: How Your Data Lake Works · Understanding Backup Behavior