Data Retention and Account Deletion

Overview

FTE Tree follows a structured data lifecycle to protect your information while meeting compliance and retention requirements. This article explains what happens to your organization's data when a subscription ends, how long data is retained, and how permanent deletion works.

When a Subscription Ends

When your subscription is cancelled or expires, your organization enters a 90-day grace period. During this period:

• All of your data (positions, employees, departments, approval history, etc.) is fully preserved.
• Access to the application is restricted until the subscription is renewed.
• You can resubscribe at any time during the grace period to restore full access with all data intact.

If no action is taken within the 90-day grace period, your organization becomes eligible for data anonymization.

Data Anonymization

After the grace period, an administrator reviews your organization's status and confirms that data removal should proceed. Once confirmed, the following occurs:

• Operational data is permanently deleted: positions, employees, departments, job codes, approval requests, requisitions, reports, messages, uploaded files, and all associated records.
• Audit records are anonymized: event timestamps and types are preserved, but all personally identifiable information (names, descriptions, notes) is redacted to [redacted].
• Billing records are anonymized: your Stripe customer ID is preserved for dispute resolution, but all contact information, addresses, and payment details are removed.
• Your organization shell is preserved: a minimal record is retained with an anonymized name and no identifiable information.

This process is irreversible. Once anonymization is complete, your operational data cannot be recovered.

Retention of Anonymized Records

Anonymized audit and billing records are retained for approximately 7 years after anonymization to meet financial record-keeping and compliance obligations. During this retention period:

• No personally identifiable information is stored.
• Only anonymized event metadata (timestamps, event types) and your Stripe customer ID remain.
• These records cannot be used to identify any individual.

After the 7-year retention period, the anonymized records and the organization shell are permanently deleted from the database.

Audit Event Retention

FTE Tree maintains two categories of audit events with different retention policies:

• User-facing audit events (events with a configured section, such as position changes, approval actions, and user updates) are retained for the lifetime of your organization's account. These events appear in audit history pages and are available for reporting.

• System audit events (internal events without a configured section, such as login tracking, session management, and automated system actions) are retained for a minimum of 2 years and may be periodically cleaned up after that period.

Both categories of events are subject to the anonymization process described above when a subscription ends and the grace period expires.

Legal Holds

In certain situations (such as pending litigation or regulatory investigations), your organization may be placed under a legal hold. While a legal hold is active:

• Data anonymization is blocked, regardless of subscription status or grace period.
• Permanent deletion is blocked, even if the retention period has passed.
• All data is preserved in its current state until the hold is lifted.

Legal holds are managed by FTE Tree administrators and are typically applied at the request of legal counsel.

Requesting Immediate Deletion

If you need your organization's data removed before the standard grace period, please contact us or email us at support@ftetree.com. An administrator can expedite the anonymization process upon verification of your request.

Summary

Need Help?

For questions about data retention, account deletion, or to request early deletion, please contact us or email us at support@ftetree.com.