XWMS Privacy and Data Requests

How data export and account erasure requests work in XWMS.

Privacy and Data Requests

XWMS includes a privacy center where you can request a data export or account erasure.

XWMS privacy policy

Data export

Data exports are not instant. You create a pending request from your account. An administrator reviews and approves the request. When approved, XWMS generates a temporary structured export file and sends an account notification and email where available.

The export is security-filtered. It intentionally excludes or redacts passwords, raw tokens, refresh tokens, security codes, recovery secrets, raw session payloads, secret hashes, provider identity ids, and precise security-sensitive values.

Account erasure

Account erasure requests have a 7-day cancellation period. During that time, you can cancel the request from your account.

After the 7-day period, an authorized admin may approve the request. XWMS then anonymizes the account so it is no longer reasonably linked to you in normal account operations.

Why not every row is physically deleted

Some records may be retained or minimized for legal, accounting, tax, fraud-prevention, chargeback, security, or dispute-resolution reasons. The goal is to remove or anonymize direct identifiers while respecting legal exceptions.

Security rules

You must unlock your account before creating privacy requests.
Export download requires account unlock.
Export files expire after a limited period.
Completed erasure cannot easily be reversed.