Data Deletion

GDPR/CCPA right-to-be-forgotten request workflow.

Last updated 05/24/26

What this surface does

The Data Deletion surface receives customer right-to-be-forgotten (GDPR Article 17 / CCPA §1798.105) requests, runs the grace-period clock (migration 149), and executes the cascaded deletion when the timer expires.

When to use it

A customer formally requests deletion — accept the request here.
Reviewing pending requests inside their grace period.
Executing the deletion at end-of-grace.

Key gotchas

Grace period is 30 days by default. The customer can cancel inside that window.
Some data must be retained for legal reasons (tax records, signed agreements). Deletion redacts PII but preserves the financial trail.
Once executed, deletion is irreversible. Confirm twice. Audit log captures the operator.

Data deletion runbook
Data Export, Audit Log.

What this surface does

When to use it

Key gotchas

Related