If you want to learn more about how we keep your data safe, visit our
security center.
Initial Sync
During the initial sync, which is the first sync of a new integration, we fetch all employees in the system to generate the criteria for filtering. If filtering is enabled for this connection, we won’t sync any employee PII data into our database until the filters have been confirmed by the user in the filtering UI. This ensures that we only store the data that is necessary and compliant with the user’s requirements.

Subsequent Syncs
For subsequent syncs, we still need to fetch all employees in the system because most tools we support do not give us the option to fetch only the employees that match the filters. Despite this, we only save the data of employees that match the setup criteria. If an employee goes out of scope, we mark them as deleted and handle them according to our deletion policy. Specifically, the entry will be marked withremote_deleted_at
and deleted after 14 days. This process ensures that no sensitive data is retained longer than necessary, maintaining compliance and data protection standards.
By adhering to these policies, Kombo ensures compliance and the protection of sensitive employee data.