Data Safety, Deletion & Compliance

Processes for export and deletion requests, soft-deletes with recovery windows, background job processing, and audit trails to meet GDPR/CCPA needs.

What Is This Feature?

When a customer asks you to delete their data — or when a regulator requires you to export it — you need a reliable, auditable, and safe way to do it. This feature covers the tools and processes for handling data export and deletion requests: how they're submitted, how they're processed in the background, how progress is tracked, and how mistakes can be recovered from. It's built with compliance regulations like GDPR and CCPA in mind, where the right to erasure and data portability aren't optional.


Why It Matters to Your Business

Data privacy regulations are no longer just a concern for large enterprises — they apply to any company processing personal data from EU or California residents, among others. Getting this wrong carries real financial and reputational risk.

  • Regulatory compliance. GDPR requires you to delete a person's data upon request, typically within 30 days. CCPA has similar requirements. Having a reliable, auditable process is the difference between compliance and liability.
  • Customer trust. Customers increasingly ask about data deletion and portability before signing contracts. Being able to demonstrate a robust, working process builds confidence.
  • Safe by default. The platform uses "soft deletion" — data is marked as deleted and hidden from all interfaces immediately, but a brief recovery window exists before permanent removal. This means an accidental deletion can be undone before it becomes a crisis.
  • Scalable for large customers. A customer with years of conversation history might have millions of records. The deletion system is designed to handle large jobs in the background without disrupting the platform — processing in small batches, respecting system limits.

How It Works (No Technical Jargon)

Submitting a Request

Background Processing

What Soft Delete Means

Exports


Progress Tracking and Notifications

You're not left wondering whether a job completed. The dashboard shows:
- Current status: queued, running, completed, or failed
- Progress percentage: how much has been processed so far
- Estimated completion time
- Any errors: if some items couldn't be processed, they're flagged for manual review

Large jobs can also send email notifications when they complete or encounter a problem.


Cancellation and Recovery

If you need to stop a job mid-way — say, you realize a deletion request was made in error — you can cancel it from the dashboard. Any data already processed won't be automatically undone (that would create its own risks), but you can restore specific items from within the recovery window.


Audit Trail

Every action is recorded:
- Who submitted the request and when
- What data was affected
- What the outcome was
- Who accessed any exported files

This audit trail is itself retained according to your compliance policy and can be exported for regulatory review.
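
The cancellation, recovery and audit behaviour described above, as an added example that is not the platform's own code. The table layout, the function names and the 7-day recovery window are assumptions, since the page specifies none of them.

```python
import sqlite3

RECOVERY_WINDOW = 7 * 86400  # assumption: 7 days, in seconds; the page gives no figure

def open_db(n=5, customer="acme"):
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE records(id INTEGER PRIMARY KEY, customer TEXT, deleted_at INTEGER);"
        "CREATE TABLE audit(ts INTEGER, actor TEXT, action TEXT, detail TEXT);")
    db.executemany("INSERT INTO records(customer) VALUES (?)", [(customer,)] * n)  # constructed rows
    return db

def audit(db, ts, actor, action, detail):
    db.execute("INSERT INTO audit VALUES (?,?,?,?)", (ts, actor, action, detail))

def visible(db, customer, limit=-1):
    """What interfaces show: soft-deleted rows are hidden immediately (LIMIT -1 = no limit)."""
    return [r[0] for r in db.execute("SELECT id FROM records WHERE customer=? "
        "AND deleted_at IS NULL ORDER BY id LIMIT ?", (customer, limit))]

def run_deletion(db, customer, actor, now, batch_size=2, cancel_after=None):
    """Soft-delete in small batches; cancelling stops the job but undoes nothing."""
    audit(db, now, actor, "job_submitted", customer)
    batches = 0
    while True:
        if cancel_after is not None and batches >= cancel_after:
            audit(db, now, actor, "job_cancelled", f"after {batches} batch(es)")
            return "cancelled"
        ids = visible(db, customer, batch_size)
        if not ids:
            audit(db, now, actor, "job_completed", customer)
            return "completed"
        db.executemany("UPDATE records SET deleted_at=? WHERE id=?", [(now, i) for i in ids])
        audit(db, now, actor, "soft_deleted", ",".join(map(str, ids)))
        db.commit()
        batches += 1

def restore(db, record_id, actor, now):
    """Undo one soft delete, but only while its recovery window is still open."""
    cur = db.execute("UPDATE records SET deleted_at=NULL WHERE id=? AND deleted_at > ?",
                     (record_id, now - RECOVERY_WINDOW))
    audit(db, now, actor, "restored" if cur.rowcount else "restore_refused", str(record_id))
    return cur.rowcount == 1

def purge(db, now):
    """Permanently remove rows whose recovery window has expired."""
    cur = db.execute("DELETE FROM records WHERE deleted_at <= ?", (now - RECOVERY_WINDOW,))
    audit(db, now, "system", "purged", str(cur.rowcount))
    return cur.rowcount
```

The restore and purge conditions are exact complements at the window boundary, so a row is either still recoverable or eligible for permanent removal, never both.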


What to Expect on the Roadmap

The team is building:

1. The core compliance job API with rate-limited background processing and progress tracking (estimated 3 weeks)
2. Encrypted export storage and access-controlled download links
3. An admin UI for submitting, monitoring, and canceling jobs

Once live, you'll have a complete, compliant data management system that you can confidently demonstrate to customers and regulators alike.