Data Handling
This page describes what Ascent stores, how long it is kept, and how you
export or erase the data your organization holds. The export and erasure
tooling described here is exposed through the GDPR API
(/api/gdpr/*) and is restricted to the Org Owner role.
Overview
Ascent's data-handling tooling lets you:
- Understand what categories of data Ascent stores for your organization.
- Request a full data export of your organization's records as JSON or CSV (GDPR Article 20, data portability).
- Request erasure of your organization's data, with a 30-day grace period before the data is permanently purged (GDPR Article 17, right to erasure).
- Cancel a pending erasure request within the grace period.
What Ascent Stores
Ascent stores the data you enter or sync into the product in order to operate the PSA and CRM features you use:
- CRM data — clients, contacts, locations, opportunities.
- PSA data — tickets, ticket replies, time entries, projects, tasks, contracts, services, calendars and calendar events.
- Asset data — assets, networks, racks, domains, certificates, software/licensing, and the credentials (password) vault.
- Billing data — invoices, quotes, payments, recurring invoices, products.
- Financial data — accounts, expenses, revenues, trips.
- Integration state — tokens and configuration for connected systems (e.g. Level RMM, Microsoft 365, SMTP/IMAP, Stripe).
- Platform data — user accounts, org memberships and roles, audit logs, and session metadata.
Sensitive integration credentials and similar secrets are encrypted at rest using AES-256-GCM with a per-organization derived key — see Trust & Security Overview for the full description of the encryption model and its limits.
Retention
- Operational data (the records listed above) is retained as long as your organization remains active on Ascent.
- Audit logs are retained for the lifetime of the organization. Even when an organization is erased, audit log rows are intentionally not deleted, so an audit trail of the deletion remains.
- Invoices, invoice line items, and payments are subject to a 7-year legal hold. On erasure these are not deleted — they are anonymized in place (personal data removed; amounts, dates, and document numbers retained). See Erasure below.
- Account deletion — when you request erasure, your organization is immediately blocked from access (soft-deleted) and the data is permanently purged after a 30-day retention window.
For the hosted service, infrastructure-level database backups are handled by the platform operator. On-premises customers operate their own backup, retention, and disaster-recovery policy — see On-Premises Deployment.
Data Export (Right to Portability)
The Org Owner can request a complete export of the organization's data. The export runs as a background job; you are notified in-app when it is ready.
How export works
- The Org Owner submits an export request, choosing JSON or CSV (JSON is the default).
- Ascent queues a background job that collects the organization's records into a single archive.
- When the job finishes, the requesting user receives an in-app notification with a download link.
- The download link is available for 24 hours, after which the file is automatically deleted by a daily cleanup job and can no longer be downloaded.
Export limits
| Limit | Behavior |
|---|---|
| Concurrent exports | Only one export may be in progress at a time. Requesting another while one is queued or processing returns a conflict. |
| Rate limit | A maximum of 5 export requests per organization per hour. |
| Download window | The download link expires 24 hours after the export completes. |
| Access | Only the Org Owner can request or download an export. |
What is included
The export contains your organization profile, members, and records across CRM, assets, tickets and time, projects, billing, financial, documents, calendars, and the audit log. Each section is exported as its own block (one named table per section in the CSV format).
What is excluded
For security reasons, the export deliberately omits sensitive material:
- Credentials (the password vault) are excluded entirely.
- Encrypted secret fields (such as MFA secrets and recovery codes) are omitted from the output.
- Platform-internal identifiers (such as Stripe customer/subscription IDs) and other secrets are not included.
Erasure (Right to Be Forgotten)
The Org Owner can request permanent erasure of the organization's data. This is a destructive, two-phase operation.
Requesting erasure
- The Org Owner submits an erasure request. To prevent accidental deletion, the request must include the exact confirmation string DELETE MY DATA.
- The organization is immediately soft-deleted — access is blocked and members can no longer sign in.
- A permanent purge is scheduled for 30 days later. The Org Owner receives an in-app confirmation noting the scheduled purge date.
Erasure is blocked while an active Stripe subscription exists. You must cancel your Ascent subscription before requesting deletion.
Cancelling erasure
At any point during the 30-day window, the Org Owner can cancel the pending erasure. Cancelling restores the organization to active status and removes the scheduled purge.
What the purge does
When the 30-day window elapses, Ascent permanently purges the organization's personal data. To balance erasure against legal-retention obligations, the purge uses a mixed strategy:
| Data | What happens on purge |
|---|---|
| Most operational records (CRM, assets, tickets, projects, documents, financial, etc.) | Permanently deleted. |
| Invoices, invoice items, payments | Anonymized in place — personal data and Stripe identifiers are removed, but amounts, dates, and document numbers are retained for the 7-year legal hold. |
| Clients that have invoices | Kept as anonymized tombstones (name set to [Deleted], all personal data removed) so invoice references stay intact. |
| Audit logs | Not deleted. Audit history is retained, and the completion of the purge is itself recorded in the audit log. |
| The organization record | Kept as an anonymized tombstone (name set to [Deleted], contact details and billing IDs removed) for audit continuity. |
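The mixed purge strategy in the table above, applied to a small in-memory dataset, followed by the two checks worth running afterwards (no personal fields left, no invoice pointing at a missing client). This is an added example, not Ascent's code: the table names, field names, audit action names and sample records are constructed assumptions.

```python
import copy

# Constructed sample data. Table names, field names and audit action names are
# assumptions made for this example, not Ascent's schema.
SAMPLE = {
    "org": {"name": "Acme MSP", "email": "owner@acme.example",
            "stripe_customer_id": "cus_PLACEHOLDER"},
    "clients": [{"id": 1, "name": "Northwind", "email": "it@northwind.example"},
                {"id": 2, "name": "Contoso", "email": "ops@contoso.example"}],
    "tickets": [{"id": 10, "client_id": 1, "subject": "VPN down for Jane"}],
    "invoices": [{"number": "INV-0001", "client_id": 1, "date": "2024-03-01",
                  "amount": 1200.0, "bill_to": "Jane Doe",
                  "stripe_id": "in_PLACEHOLDER"}],
    "audit_log": [{"action": "erasure.requested"}],
}
INVOICE_KEEP = {"number", "client_id", "date", "amount"}  # kept for the legal hold
PERSONAL = {"email", "bill_to", "stripe_id", "stripe_customer_id"}

def purge(data):
    """Return a purged copy of `data`, one rule per row of the purge table."""
    src = copy.deepcopy(data)
    invoiced = {inv["client_id"] for inv in src["invoices"]}
    out = {
        # Organization record: anonymized tombstone.
        "org": {"name": "[Deleted]"},
        # Clients with invoices: tombstones; clients without invoices are deleted.
        "clients": [{"id": c["id"], "name": "[Deleted]"}
                    for c in src["clients"] if c["id"] in invoiced],
        # Invoices: anonymized in place, only legal-hold fields survive.
        "invoices": [{k: v for k, v in inv.items() if k in INVOICE_KEEP}
                     for inv in src["invoices"]],
        # Audit log: kept, and the purge completion is itself recorded.
        "audit_log": src["audit_log"] + [{"action": "erasure.purged"}],
    }
    # Every remaining table holds operational records and is emptied.
    out.update({table: [] for table in src if table not in out})
    return out

def verify_purge(data):
    """Post-purge checks: leftover personal fields and dangling invoice references."""
    rows = [(t, r) for t, v in data.items()
            for r in (v if isinstance(v, list) else [v])]
    leftovers = sorted({f"{t}.{k}" for t, r in rows for k in r if k in PERSONAL})
    client_ids = {c["id"] for c in data["clients"]}
    dangling = [i["number"] for i in data["invoices"]
                if i["client_id"] not in client_ids]
    return leftovers, dangling
```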
Deletion status
The Org Owner can check the status of an erasure request at any time. A deletion progresses through these states:
| Status | Meaning |
|---|---|
| PENDING | Soft-deleted; purge scheduled. Still cancellable. |
| CANCELLED | The request was cancelled and the organization restored. |
| PURGING | The permanent purge is in progress. |
| PURGED | The purge completed. |
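The erasure lifecycle described in this section, written as a small state machine with its documented guards (Org Owner only, exact confirmation string, no active subscription, 30-day cancellable window). This is an added example, not Ascent's implementation: the `Org` class, the `ORG_OWNER` role identifier, the function names and the rule that a pending request cannot be re-requested are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

GRACE = timedelta(days=30)        # grace period stated on this page
CONFIRMATION = "DELETE MY DATA"   # exact confirmation string from this page
OWNER = "ORG_OWNER"               # assumed role identifier

class ErasureError(Exception):
    """A request violated one of the documented guards."""

@dataclass
class Org:                        # hypothetical in-memory stand-in for an organization
    active_subscription: bool = False
    access_blocked: bool = False
    status: Optional[str] = None  # None, PENDING, CANCELLED, PURGING or PURGED
    purge_at: Optional[datetime] = None

def request_erasure(org: Org, role: str, confirmation: str, now: datetime) -> datetime:
    if role != OWNER:
        raise ErasureError("only the Org Owner may request erasure")
    if confirmation != CONFIRMATION:   # exact match: no trimming, no case folding
        raise ErasureError("confirmation string mismatch")
    if org.active_subscription:
        raise ErasureError("cancel the subscription before requesting erasure")
    if org.status in ("PENDING", "PURGING", "PURGED"):  # assumption: no re-request
        raise ErasureError(f"erasure already {org.status}")
    org.status, org.access_blocked = "PENDING", True    # soft delete is immediate
    org.purge_at = now + GRACE
    return org.purge_at

def cancel_erasure(org: Org, role: str, now: datetime) -> None:
    if role != OWNER:
        raise ErasureError("only the Org Owner may cancel erasure")
    if org.status != "PENDING" or now >= org.purge_at:
        raise ErasureError("no cancellable erasure request")
    org.status, org.access_blocked, org.purge_at = "CANCELLED", False, None

def run_purge_job(org: Org, now: datetime) -> bool:
    """Scheduler tick: purge only PENDING requests whose window has elapsed."""
    if org.status != "PENDING" or now < org.purge_at:
        return False
    org.status = "PURGING"   # the deletion and anonymization work would run here
    org.status = "PURGED"
    return True
```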
Individual Data Subject Requests
The export and erasure workflows above operate at the organization level. If you need to handle a request about a single individual (for example, removing one contact's personal data) you can edit or delete that contact's records directly in the app using the CRM tools, since contact and client records are editable by authorized users at any time.
Ascent does not currently hold a GDPR certification as a framework — see
Compliance Posture. If you operate under
GDPR and need to process a request that isn't covered by the in-product
tooling, contact [email protected].
Access Controls for Your Data
Inside your organization, access to data is governed by the RBAC model described in the Trust & Security Overview. You control which users have which roles and permissions. The GDPR export and erasure operations are reserved for the Org Owner.
Integrations
When you connect Ascent to an external system (Level RMM, Microsoft 365, SMTP/IMAP, Stripe, etc.), the credentials or tokens you provide are stored encrypted. Data synced from integrations is stored alongside data you enter directly and is subject to the same export and erasure rules.