How do I export or delete my data?

GDPR self-service for every user:

1. Open /app/account/gdpr.
2. Click Request data export. We generate a JSON bundle of every row across users, sites, audits, audit_categories, audit_fixes, citation_runs, crawler_visits and email it to you within 7 days. Download links expire after 7 more days.
3. Click Delete my account to schedule deletion 30 days out. You get a cancellation link in case you change your mind. After 30 days the cron-nightly script soft-deletes the user, scrubs PII columns, drops sessions, and marks the gdpr_request as complete.

Invoices stay on file because HMRC requires 6-year retention - everything else is purged.