This article explains how TrackTik anonymizes personal data after the retention period ends.
Each data type—reports, sites, and employees—follows its own rules. This guide helps you understand what changes, what stays the same, and how the system applies to your settings.
How anonymization works
When a retention period expires, the GDPR engine runs and anonymizes the fields that contain personal data.
During anonymization:
- only values are replaced
- structures, schemas, and relationships stay the same
- original values cannot be restored
This ensures the data is still usable for reporting or analysis but no longer identifies individuals.
Report data anonymization
Report data may include personal fields such as names, contact details, or other sensitive information.
How personal data is identified
Report templates include a “Contains personal data” flag. Template creators use this flag to mark fields that include personal information.
If a field is marked:
- all reports created from that template inherit the classification
- anonymization applies only to those marked fields
What happens during anonymization
When the retention period ends:
- flagged fields are anonymized
- values are permanently deleted
- the system replaces them with:
dashes for text, zeros for numbers, anonymized email address, blanks for GPS tracks, and placeholder for media
Non‑PII fields stay the same and remain visible.
Field‑level overrides for reports
Sometimes a report includes personal information that wasn’t flagged in the original template. Administrators can correct this by marking additional fields as PII after submission.
Important rules:
- overrides apply only to the selected report
- they do not modify the template
- they do not affect other reports
- PII-marked template fields cannot be downgraded at the report level
During anonymization, the system treats template-level and report-level PII flags the same.
Site data anonymization
TrackTik anonymizes site-related data when a site reaches the end of its retention period. This includes many optional data points, such as contact information and site instructions.
What types of site data can be anonymized
The following values are replaced during anonymization:
- company name
- unique site identifier
- main and additional contact details
- addresses
- site locations and positions
- attached documents
- post orders
- task instructions
- journal entries and message board content
- author information
- site-level audit logs
Only values change—schemas remain intact.
When anonymization applies
Site anonymization follows region-level rules because each site belongs to one region.
The retention countdown begins when the site is:
- closed, or
- inactivated
Employee data anonymization
Employee data is anonymized after the employee has been terminated and the retention period ends.
Which employee fields are anonymized
These include:
- personal details (name, username, gender)
- contact information (email, phone numbers)
- government identifiers (badge ID, Social Security Number)
- addresses
- employment metadata
- photos or profile images
- emergency contacts
Values are replaced with:
Employee retention rules
Employee anonymization is always region‑based. Site-level rules do not apply.
The retention countdown begins only when an employee is terminated. If the employee is reactivated:
- the countdown is canceled
- anonymization will not occur
a new countdown starts only after the next termination
After anonymization
Once an employee profile is anonymized:
- the profile becomes read‑only
- it cannot be edited
- no new personal data can be added
Summary
Anonymization ensures the system removes personal data while keeping your operational data useful. Each area—reports, sites, and employees—follows clear rules so you can manage your data retention with confidence.