
Personal Data & Deletion

Effective 3 June 2026 · Version 2026.06.01

This page explains exactly what personal data iso-compliant holds about you, how to download a copy, and how to permanently delete your account. Our full data-processing practices are in the Privacy Policy.

Self-serve options are available in the dashboard. If you have an account, the quickest path is Settings → Account — you can export data and delete your account there. For email-based requests or queries about data held by a tenant you are no longer a member of, contact dpo@iso-compliant.com.

What we store about you

Account & identity data

  • Email address — used to authenticate you, send transactional emails (invoice receipts, recovery links), and identify you within your organisation.
  • Organisation name — the tenant name set when your workspace was created.
  • Billing address and tax ID — collected if you upgrade to a paid plan. Passed to Stripe and retained for seven (7) years for tax records.
  • Role within tenant — owner, admin, or member, recorded in tenant_members.

Authentication credentials

  • A hashed representation of your password (bcrypt; the plaintext is never stored). If you use magic-link / email OTP there is no password stored at all.
  • API key prefixes and SHA-256 hashes of issued secrets. The raw secret is shown once at creation and never retained.
  • Ed25519 public key fingerprints for signing-key authentication.
  • Login session tokens (JWT), valid for 14 days from last use.

QR-bill & SEPA payment data

The ISO 20022 payloads (pain.001, pain.002, camt.053, Swiss QR-bill content) that you submit to the API are processed in-memory and not stored. Only the SHA-256 hash of each canonical request/response body is written to the audit_logs table for tamper-evident compliance evidence. Plaintext payloads are evicted from the request-render cache within five (5) minutes of response.

Webhook configuration

If you register outbound webhook endpoints, we store the HTTPS URL, a description, event-type filter, and an encrypted webhook signing secret (AES-256-GCM envelope encryption). We also store a capped delivery log (request body ≤ 2 KiB, response body ≤ 1 KiB) per delivery attempt. The full event payload is SHA-256-hashed only; the bytes are not retained.

Evidence exports

Each compliance-pack export request is recorded in evidence_exports: timestamp, manifest SHA-256, manifest JSON, and an R2 object reference. This ledger is immutable (DELETE is revoked at the database level) so it can serve as hash-chained audit evidence.

Usage & billing events

Per-request usage events (endpoint called, ruleset version, MsgId, response status, latency, timestamp) are stored in usage_events and used for billing metering and dashboard analytics.

Audit log

Tenant-level administrative actions are recorded in audit_logs with a hash-chained integrity proof. These records are retained for seven (7) years per the compliance-evidence retention policy. They are deleted when the owning tenant is deleted (which happens automatically when you close a single-member account).

What we do not store

  • Plaintext payment payloads beyond the in-memory render window.
  • Raw API key secrets — only SHA-256 hashes and short prefixes.
  • Raw webhook signing secrets — only the encrypted wrapper and prefix.
  • Anything used to train machine-learning models. Our LLM usage is offline, batch, and runs against bank-specification PDFs — never against customer transaction data.

How to export your data

Log in to the dashboard and navigate to Settings → Account. From there you can request a data export. The export includes your account profile, tenant membership record, API key metadata (prefixes only — not secrets), webhook URLs and event filters, and usage-event totals.

Alternatively, email dpo@iso-compliant.com with the subject line Data Access Request. We respond within thirty (30) days.

How to delete your account

Self-serve: go to Settings → Account and use the Delete account section. You will be asked to type your email address to confirm. Deletion is immediate and permanent and includes:

  • Your Supabase auth user record
  • All tenants where you are the sole member, and all their cascaded data: API keys, signing keys, webhooks, webhook deliveries, usage events, HITL queue rows, audit-chain records, and evidence-export metadata
  • Your membership rows in any shared tenants (the tenants themselves are left intact for other members)

Email-based: send a request to dpo@iso-compliant.com with subject line Account Deletion Request. We process all deletion requests within thirty (30) days.

Contact

Data Protection Officer: dpo@iso-compliant.com
General privacy queries: privacy@iso-compliant.com
Full policy: Privacy Policy
