Security
Compliance centre — data rights, retention and audit
Handle Subject Access Requests, the right to erasure, data exports, retention sweeps, and the firm-wide audit log.
The compliance centre (/compliance) gives firms the tools to meet UK GDPR obligations while respecting HMRC's six-year retention rule for VAT records.
Overview dashboard
See open and overdue SARs, pending erasure requests, records past their retention date, and exports generated in the last 30 days at a glance.
Subject Access Requests
- Log requests by type — access, erasure, rectification, portability, objection, restriction.
- A one-month statutory deadline counts down on each request.
- Move requests through their lifecycle (new → in progress → awaiting subject → completed/rejected); every change is audit-logged.
Right to erasure
Raise an erasure request against a user email. On approval, the account is anonymised while VAT records are retained under HMRC's six-year obligation — the two requirements are reconciled automatically.
Data exports
Generate a CSV + JSON bundle scoped to the whole firm, a single user, or a single organisation, available via a signed download link for 14 days.
Retention & audit
- Retention — a sweep flags records eligible for purge once their retention window closes.
- Audit log — a firm-wide, append-only record of compliance actions.