Account Deletion

Last updated: May 11, 2026

How HRFlowTech accounts work

HRFlowTech accounts are provisioned by your employer (the tenant organisation). Because your records form part of the tenant's HR system — subject to employment law, payroll retention rules, and audit obligations — deleting an account usually requires the tenant's HR administrator to authorise removal. We always notify them of an incoming deletion request and process it within the timeline below.

Two ways to request deletion

Option 1 — Inside the mobile app

Open the HRFlowTech mobile app and sign in.
Tap the Profile tab in the bottom navigation.
Scroll to Account & Privacy and tap Delete my account.
Confirm by entering your password and tapping Submit deletion request.

Screenshot reference for app-store reviewers: TODO: attach annotated screenshots of the in-app flow before submission — expected at /public/assets/images/legal/delete-1.png through delete-3.png.

Option 2 — This web form

Tenant domain or workspace *

Reason (optional)

I understand that some records (statutory payroll, tax, and audit logs) may be retained as required by law, and that my employer's HR administrator may need to confirm this request.

What is deleted

Your user account record and login credentials
Your employee directory entry (name, position, department, contact info)
Attendance punch history attributed to your staff ID
Leave requests and approvals
Payslips visible in self-service (the underlying statutory records remain — see below)
AI Assistant chat history and feedback you submitted
Mobile-app push tokens and device session tokens
SSO link records (Google, Microsoft, Apple, Facebook)

What is retained, and why

Statutory payroll & tax records — e.g. IR56B/E/F/G/M filings under the Hong Kong Inland Revenue Ordinance must be kept for 7 years; comparable rules apply in Singapore, Malaysia, and other jurisdictions.
MPF / provident-fund records — retained as required by the relevant regulator.
Audit logs — security event records (logins, admin actions) are retained for up to 12 months for fraud prevention and incident investigation.
Retained records are minimised to what the law requires and are deleted automatically once the retention period expires.

Timeline

Within 72 hours — we acknowledge the request by email.
Within 30 days — we complete deletion of all records that are not subject to statutory retention, and we send you a confirmation.
If we need additional verification or your tenant administrator's authorisation, we will tell you in the acknowledgement email.

SSO data-deletion callbacks

If you signed in via Facebook or Apple SSO and you trigger deletion through those providers, our callback at /api/data-deletion-callback.php will queue the same removal flow described above.

Contact

Email: [email protected]
Subject line: Data Deletion Request