To comply with GDPR data-retention requirements, we need the ability to permanently delete all Personal Identifiable Information (PII) belonging to Qase users who have left our company for more than 6 months.

Introduce functionality that allows Qase administrators to permanently delete all personal data associated with a user who is no longer employed by our organisation.

Data that must be removed (PII):

Full name

Email address

Profile picture / avatar

Any other identifying metadata stored within Qase’s user profile

Acceptance Criteria

Qase admins can identify and select users who have been inactive or removed from SSO for >6 months.

A “Delete User Data” action is available that performs irreversible deletion of PII.

All PII fields are wiped or anonymised (e.g., replaced with “Deleted User”).

Deleting PII does not break existing test artefacts (test cases, comments, execution history) — references remain intact but anonymised.

Qase provides an audit log entry confirming that deletion was performed for regulatory purposes.

Why This Is Needed

Mandatory GDPR compliance

Reduces legal exposure

Ensures Qase is safe to use as a long-term test management system

Supports organisations with strict data-retention policies