Processes for export and deletion requests, soft-deletes with recovery windows, background job processing, and audit trails to meet GDPR/CCPA needs.
When a customer asks you to delete their data, or asks for a copy of it under a data-portability right, you need a reliable, auditable, and safe way to do it. This feature covers the tools and processes for handling data export and deletion requests: how they're submitted, how they're processed in the background, how progress is tracked, and how mistakes can be recovered from. It's built with regulations like GDPR and CCPA in mind, where the right to erasure and the right to data portability aren't optional.
Data privacy regulations are no longer just a concern for large enterprises — they apply to any company processing personal data from EU or California residents, among others. Getting this wrong carries real financial and reputational risk.
A privacy officer or administrator submits an export or deletion request through the admin UI or API. The system creates a job record and immediately acknowledges it.
The job runs in the background — there's no need to keep a browser window open. The system:
- Works through the affected data in small batches, not all at once
- Respects per-organization rate limits so large jobs don't overload the database
- Continuously updates progress so you can check the status at any time
When data is marked for deletion, it is hidden from every user-facing interface and API response at once. It still exists in the database for a short window (configurable to match your policy) so that an administrator can fully restore it if it was deleted by mistake; during that window only the admin restore path may reach it, which means every other read path must filter soft-deleted records. After the window closes, the data is permanently and irreversibly removed.
When a data export is requested, the system packages the relevant data into an encrypted file and makes it available for download. Only authorized administrators can fetch the file, and every download is logged.
You're not left wondering whether a job completed. The dashboard shows:
- Current status: queued, running, completed, or failed
- Progress percentage: how much has been processed so far
- Estimated completion time
- Any errors: if some items couldn't be processed, they're flagged for manual review
Large jobs can also send email notifications when they complete or encounter a problem.
If you need to stop a job mid-way — say, you realize a deletion request was made in error — you can cancel it from the dashboard. Any data already processed won't be automatically undone (that would create its own risks), but you can restore specific items from within the recovery window.
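The batched background job, the soft-delete window with admin restore, and the mid-job cancellation described above, as an added example in Python; it is not the product's own code. The in-memory store, the 30-day window, the two-record batch size and the names (Store, DeletionJob, process_batch, restore, purge_expired) are assumptions made for illustration. The property worth noticing is that the only thing separating "hidden" from "gone" is a timestamp column, so every read path has to filter on it.

```python
"""Soft-delete job runner: batched processing, progress, mid-job cancellation,
a recovery window with admin restore, and the final irreversible purge.
Added example, not the product's own code; the names, the in-memory store and
the 30-day window are assumptions made for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

RECOVERY_WINDOW = timedelta(days=30)   # assumed policy value; configurable in practice
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # fixed clock for the demo

@dataclass
class Record:
    id: int
    owner: str                             # data subject the record belongs to
    deleted_at: Optional[datetime] = None  # set on soft delete, cleared on restore

class Store:
    """In-memory stand-in for the database. Every user-facing read must go through
    visible(): a read path that touches self.rows directly would leak "deleted" data."""
    def __init__(self, records: List[Record]) -> None:
        self.rows: Dict[int, Record] = {r.id: r for r in records}

    def visible(self, owner: str) -> List[Record]:
        return [r for r in self.rows.values() if r.owner == owner and r.deleted_at is None]

@dataclass
class DeletionJob:
    owner: str
    submitted_by: str
    batch_size: int = 2                    # tiny so the demo shows several batches
    status: str = "queued"                 # queued, running, completed, cancelled
    total: int = 0
    processed: int = 0
    cancel_requested: bool = False         # the dashboard's cancel button sets this
    audit: List[dict] = field(default_factory=list)

    def progress_pct(self) -> float:
        return 0.0 if self.total == 0 else round(100.0 * self.processed / self.total, 1)

def process_batch(job: DeletionJob, store: Store, now: datetime) -> bool:
    """Soft-delete one batch; return True while work remains. A worker calls this in
    a loop (sleeping between calls to honour per-org rate limits); checking the cancel
    flag between batches stops a job mid-way without rolling back earlier batches."""
    if job.cancel_requested:
        job.status = "cancelled"
        job.audit.append({"event": "cancelled", "at": now, "processed": job.processed})
        return False
    if job.status == "queued":
        job.status, job.total = "running", len(store.visible(job.owner))
        job.audit.append({"event": "started", "by": job.submitted_by, "at": now})
    batch = store.visible(job.owner)[:job.batch_size]
    if not batch:
        job.status = "completed"
        job.audit.append({"event": "completed", "at": now})
        return False
    for r in batch:
        r.deleted_at = now                 # invisible to visible() from this moment
    job.processed += len(batch)
    job.audit.append({"event": "soft_deleted", "ids": [r.id for r in batch], "at": now})
    return True

def restore(store: Store, record_id: int, actor: str, now: datetime) -> dict:
    """Admin-only undo, permitted only while the recovery window is open."""
    r = store.rows[record_id]
    if r.deleted_at is None:
        raise ValueError(f"record {record_id} is not deleted")
    if now - r.deleted_at > RECOVERY_WINDOW:
        raise PermissionError(f"recovery window for record {record_id} has closed")
    r.deleted_at = None
    return {"event": "restored", "id": record_id, "by": actor, "at": now}

def purge_expired(store: Store, now: datetime) -> List[int]:
    """Hard-delete rows whose window has closed: the irreversible step."""
    expired = [rid for rid, r in store.rows.items()
               if r.deleted_at is not None and now - r.deleted_at >= RECOVERY_WINDOW]
    for rid in expired:
        del store.rows[rid]
    return expired

def demo() -> dict:
    """Constructed sample data, not real customer records: alice owns ids 1-5, bob 6-7."""
    store = Store([Record(i, "alice" if i <= 5 else "bob") for i in range(1, 8)])
    job = DeletionJob("alice", "privacy-officer")
    while process_batch(job, store, T0):       # the background worker loop
        pass
    hidden = len(store.visible("alice"))       # 0: gone from the UI at once
    restore(store, 3, "admin", T0 + timedelta(days=10))    # inside the window
    try:
        restore(store, 1, "admin", T0 + timedelta(days=31))  # window closed
        late_rejected = False
    except PermissionError:
        late_rejected = True
    purged = purge_expired(store, T0 + timedelta(days=31))
    return {"status": job.status, "progress": job.progress_pct(),
            "batches": sum(e["event"] == "soft_deleted" for e in job.audit),
            "hidden": hidden, "late_rejected": late_rejected,
            "purged": purged, "remaining": sorted(store.rows)}
```

A real worker would sleep or consult a per-organization token bucket between process_batch calls, and the job's audit entries would go to the same append-only trail as every other action; the demo keeps them on the job object only to stay self-contained.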
Every action is recorded:
- Who submitted the request and when
- What data was affected
- What the outcome was
- Who accessed any exported files
This audit trail is itself retained according to your compliance policy and can be exported for regulatory review.
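The restricted, logged export download described earlier and the audit trail it feeds, as an added example in Python that is not the product's own code. Role names, the MAC key, the fixed timestamp and the export blob are constructed for illustration, and the block treats the export file as opaque bytes produced by a real AEAD library rather than reimplementing the encryption. What it adds to the description above is a tamper-evident trail: each entry carries an HMAC over its own contents and the previous entry's HMAC, so an exported log can be re-verified by anyone holding the audit service's key.

```python
"""Tamper-evident audit trail plus access-controlled, logged export download.
Added example, not the product's own code. Role names, the MAC key, the sample
events and the export blob are assumptions; encrypting the export itself is left
to a real AEAD library, so the blob is treated as opaque bytes."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS = "0" * 64                            # "previous digest" of the first entry
EXPORT_ROLES = frozenset({"privacy_admin"})   # assumed: roles allowed to fetch exports
NOW = "2024-01-01T00:00:00+00:00"             # fixed timestamp for the demo


class AuditLog:
    """Append-only log where each entry's MAC covers the previous entry's MAC.

    Editing or removing any entry breaks verify() from that point on, which is
    what makes the trail usable for regulatory review. The key belongs to the
    audit service, not to the administrators whose actions it records."""

    def __init__(self, mac_key: bytes) -> None:
        self._key = mac_key
        self.entries: List[dict] = []

    def _digest(self, entry: dict) -> str:
        body = json.dumps({k: v for k, v in entry.items() if k != "digest"},
                          sort_keys=True, default=str)
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def append(self, event: str, actor: str, at: str, **details) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "event": event, "actor": actor,
                 "at": at, "prev": prev, **details}
        entry["digest"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the index of the first bad entry, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.get("prev") != prev or e.get("digest") != self._digest(e):
                return i
            prev = e["digest"]
        return None

    def export(self) -> str:
        """Serialised trail handed over for review; verify() can be re-run on it."""
        return json.dumps(self.entries, indent=1)


@dataclass
class ExportArtifact:
    subject: str
    ciphertext: bytes   # output of a real AEAD (assumed); never plaintext on disk


def download_export(art: ExportArtifact, actor: str, role: str,
                    log: AuditLog, at: str) -> Optional[bytes]:
    """Gate the download on role and log both outcomes; a denied attempt is
    as interesting to an auditor as a successful one."""
    if role not in EXPORT_ROLES:
        log.append("export_download_denied", actor, at, subject=art.subject, role=role)
        return None
    log.append("export_downloaded", actor, at, subject=art.subject,
               sha256=hashlib.sha256(art.ciphertext).hexdigest())
    return art.ciphertext


def demo() -> dict:
    """Constructed sample run; returns the values worth checking."""
    log = AuditLog(b"audit-service-key")                       # assumed key
    art = ExportArtifact("alice", b"\x00opaque-aead-output")   # constructed blob
    log.append("export_requested", "privacy-officer", NOW, subject="alice")
    log.append("export_created", "export-worker", NOW, subject="alice",
               sha256=hashlib.sha256(art.ciphertext).hexdigest())
    admin_got = download_export(art, "admin", "privacy_admin", log, NOW) is not None
    support_got = download_export(art, "support-agent", "support", log, NOW) is not None
    intact = log.verify()
    log.entries[2]["actor"] = "nobody"         # simulate after-the-fact tampering
    tampered_at = log.verify()
    return {"events": [e["event"] for e in log.entries], "admin_got": admin_got,
            "support_got": support_got, "intact": intact, "tampered_at": tampered_at}
```

The chain catches edits and deletions but not a rewrite of the whole log by someone who holds the MAC key, which is why the key should live with the audit service (or an HSM) rather than in the application that writes the entries.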
The team is building:
Once live, you'll have a complete, compliant data management system that you can confidently demonstrate to customers and regulators alike.