Specialist product history
No working-pattern history, onboarding journeys, leave policy or balance ledgers, custom fields, compliance workflow state or audit history.
Before joining, inspect data, billing and closure. HollyHR names answers and limits.
It means the route out already exists before you decide to leave. A System Admin can prepare a secure organisation archive without raising a cancellation request or paying a separate export fee.
It does not mean every subscription is monthly, that closure happens the moment you cancel, or that one supplier's archive drops cleanly into another. Billing, closure, deletion and migration are separate jobs. We'd rather show each one than hide them inside “your data is yours”.
Fourteen core data areas leave as separate CSV files. Eligible uploaded files sit in their own folders. The bundle manifest accounts for the expected datasets, while the document manifest records each considered document entry as included or skipped with a reason.
Cancellation is not deletion, and deletion is not backup expiry. HollyHR keeps the stages visible so an owner can store the archive before access ends.
After billing has ended, a System Admin can permanently delete an eligible organisation with typed confirmation. Live application data is removed and storage deletion is queued; one deletion-evidence audit event remains. Encrypted backups keep a 35-day recovery window before provider-lifecycle deletion is scheduled, while legal or provider-side retention can still apply.
Organisation archive, subject access, payroll hand-off, reports and API reads have different actors, outputs and evidence. HollyHR keeps those boundaries explicit.
Inspect the developer documentationThe current CSV and .xlsx importer is a bounded start for core people data. It shows suggested mappings, ignored columns, validation and a five-row preview before writing. It is not a restore tool for a HollyHR archive.
The archive is useful precisely because its contents and omissions are inspectable. These are current product limits, not footnotes saved for the day you leave.
No working-pattern history, onboarding journeys, leave policy or balance ledgers, custom fields, compliance workflow state or audit history.
Eligible files are capped at 25 MiB each and 100 MiB of uploaded-file content per export. External links remain metadata.
The ZIP can include personal, address, employment, pay and bank values. Store and transfer it as carefully as the live HR system.
Separate CSVs make review and mapping possible. They are not a guaranteed one-click import into HollyHR or another supplier.
A portability promise should survive specific questions. These are HollyHR's current answers—not a roadmap presented as proof.
Yes. A System Admin starts it in Settings after a fresh security check.
Yes. The ZIP separates 14 core data areas; a missing expected area stops success.
Yes, within the stated limits. A document manifest records every considered document entry as included or skipped.
Cancellation takes effect at billing-period end. Paid access continues until then.
No support ticket or cancellation request is needed, and there is no separate export fee.
The bundle has manifests, and a completed organisation export enters the audit trail.
The answers below describe the current product, billing and data boundary—not an idealised future migration service.
Ask us about your exit requirementsSelf-serve Standard is monthly or yearly. Stripe-billed customers cancel from Billing settings; other arrangements are managed outside that portal. Cancellation takes effect at period end, with paid access continuing until then. Deletion is separate: export before closing the workspace.
After a fresh security check, a System Admin can prepare a private ZIP with 14 named CSV areas, eligible profile and native compliance files, two manifests and an uploaded-file policy summary. The private download link lasts five minutes.
No. Named exclusions include working-pattern history, onboarding journeys, policy and balance ledgers, custom fields, compliance workflow state and audit history. Uploaded files are limited to 25 MiB each and 100 MiB total; external links remain metadata.
Not as a lossless round trip. The CSV and .xlsx importer maps a 12-field people shape, accepts up to 500 rows and previews five rows. History, balances, files and configuration need separate reconciliation.
An authorised System or HR Admin can generate an inventoried JSON bundle for an active person, with named exclusions and a fail-closed audit. Archived leavers use a guarded operator path. Identity checks, legal review and secure disclosure remain controller responsibilities.
A System Admin can prepare an audited generic, pay-period-changes or Xero Payroll UK readiness pack. It can reduce re-keying, but needs operator review. Sensitive values are flags-only by default, bank details stay excluded and HollyHR does not submit payroll. Xero is a hand-off template, not a connector.
The governed beta REST API lets approved clients poll people, time off and active-member profile-document metadata using updated_since. Approved reads are on every plan; document bytes and compliance records are excluded. System Admins create scoped keys after fresh MFA. Standard includes signed-webhook management; other programmatic writes need exact HollyHR approval.
Join early access—or inspect the exact archive contract before you decide.