Request Demo Sign In
Legal

User Data Deletion

This page explains how ScapeOne tenants, users and OAuth/social users can request deletion of platform and provider-connected data.

Last updated: 30 June 2026

What data may be stored

ScapeOne may store account, tenant, customer, lead, quote, invoice, payment, booking, job, employee, timesheet, project, photo, document, report, website, review, SEO, social draft and integration data.

Connected integrations may also store OAuth tokens, provider account IDs, page or location selections, granted scopes, sync status, accounting references and payment references.

How to request deletion

Email web@iscapegroup.com.au with the subject "ScapeOne data deletion request". Include your name, email address, business or tenant name, the connected provider if relevant and the type of data you want deleted.

We aim to action verified deletion requests within 30 days where legally and operationally possible. We may need to verify your identity or confirm authority with the tenant account owner before deleting tenant data.

Provider-connected and OAuth data

You can remove provider-connected data by disconnecting the integration in ScapeOne or by emailing support. OAuth tokens and stored social provider data for Meta/Facebook/Instagram, Google, LinkedIn, Pinterest, X/Twitter and similar providers can be deleted from ScapeOne once verified.

Stripe, MYOB, Xero, Google, Meta, LinkedIn, Pinterest, X/Twitter and other providers may also keep data inside their own systems. You may need to request deletion directly with those providers as well.

Records we may need to retain

Some accounting, tax, billing, payment, security, dispute, fraud prevention and legal records may need to be retained for a lawful period even after a deletion request. Where possible, we will limit use of retained data to the required purpose.

Backups may contain deleted data for a limited period before those backups expire through normal retention cycles.

Meta deletion callback

For Meta App Review, ScapeOne provides a deletion callback endpoint at /api/oauth/meta/data-deletion. The endpoint records a redacted deletion request and returns a confirmation response. Destructive deletion is only performed after appropriate verification.