Data Handling: Export, Erasure, and Deletion

Under the GDPR, organizations must both fulfil data subjects’ rights (e.g. the rights of access and erasure) and avoid keeping personal data longer than necessary (storage limitation).

This guide describes how the Intric platform technically supports these principles with tools for export, erasure, and automated deletion.


1. Fulfilling data subject rights (Art. 15 & 17)

Erasure of data

There are three levels of erasure depending on the scope of the user’s request:

  • Erasure of chat history: Individual conversations can be deleted by the user or by an administrator. This removes the interaction but keeps the user account.
  • Erasure of user account: When a user is removed from the system, all personally linked settings are anonymized or deleted.
  • Full purge: Both the account and all associated history are permanently deleted from the database.

What happens to documents and Assistants?

Documents uploaded to a shared Space are treated as the organization’s property and are not automatically deleted when an individual user is removed. This is to ensure business continuity. If the documents also contain personal data that must be erased, they must be removed separately from the specific Collection they belong to.


2. Strategic storage minimization: Integrations instead of uploads

To make it easier to comply with the GDPR, organizations can connect their existing internal systems (e.g. SharePoint or other business systems that process personal data) to Intric via integrations instead of uploading copies of documents directly into the platform.

Benefits of integrations for your DPIA

  • Centralized retention and disposal: When you connect a system such as SharePoint directly, your existing procedures for cleanup and retention continue to apply. When a document is deleted or archived in the source system, it also stops being available to Intric’s Assistants.
  • Access control: Integrations often mirror existing permission structures, which reduces the risk of data being exposed to unauthorized users (data minimization at the access level).
  • Avoid data duplication: You avoid creating “data islands” where the same personal data exists in multiple places, which makes it much easier to respond to access requests and erasure requests.

3. Automated deletion and storage limitation (Art. 5.1(e))

For data that is still stored directly in Intric (e.g. chat history or manually uploaded files), organizations should configure rules for how long data may be kept.

Configuring retention policies

Administrators can set global or specific retention rules:

  • Automatic erasure of chat history: Configure the system to automatically delete chats older than a set number of days (e.g. 30, 90, or 180 days).
  • Document retention: Rules for how long files in specific Collections are kept before they are flagged for deletion or removed automatically.

Best practices for storage minimization

  • Prefer integrations: Use integrations for business-critical documentation so you keep control in the source system.
  • Differentiated retention: Use different Spaces for different types of data. HR-related data should have a stricter retention period than general knowledge bases.
  • Regular review: Use Intric’s logs to identify Collections that are no longer in use and should be archived or deleted.

4. Automation via API

For organizations with large user bases, Intric supports automation of these processes via an open API. This enables programmatic export for access requests or automatic deletion of accounts when an employee leaves (e.g. synced with Entra ID).