If you want to learn more about how we keep your data safe, visit our security center.
This article primarily discusses how we delete employee data that is out of scope with our filtering feature. We have invested in a data deletion process that ensures that Kombo and our customers are reading employee data in the most compliant way possible.

Initial Sync

During the initial sync, which is the first sync of a new integration, we fetch all employees in the system to generate the criteria for filtering. If filtering is enabled for this connection, we won’t sync any employee PII data into our database until the filters have been confirmed by the user in the filtering UI. This ensures that we only store the data that is necessary and compliant with the user’s requirements. Filtering feature enabled in connection flow If filtering is disabled, we treat it as if the filters are set to include all employees and save everything in our database. However, we only save the fields that are enabled in the scope config. This means that even if we fetch all the data, only the relevant fields as per the scope configuration will be persisted in our database. Filtering feature disabled in connection flow

Subsequent Syncs

For subsequent syncs, we still need to fetch all employees in the system because most tools we support do not give us the option to fetch only the employees that match the filters. Despite this, we only save the data of employees that match the setup criteria. If an employee goes out of scope, we mark them as deleted and handle them according to our deletion policy. Specifically, the entry will be marked with remote_deleted_at and deleted after 14 days. This process ensures that no sensitive data is retained longer than necessary, maintaining compliance and data protection standards. By adhering to these policies, Kombo ensures compliance and the protection of sensitive employee data.