Section 24 · Data Management
Data Retention
Soft delete implementation, data cleanup processes, and legal retention compliance
This guide walks you through auditing a project's data retention practices, including soft delete implementation, data cleanup processes, and legal compliance.
The Goal: Reversible by Default
Data deletion should be recoverable, auditable, and compliant with legal requirements.
- Soft deletes everywhere — Critical business data is never permanently lost from regular operations
- Automatic filtering — Queries exclude deleted records by default, with escape hatches for audits
- Periodic review — Soft-deleted data gets reviewed and cleaned up, not accumulated forever
- Gated hard deletes — Permanent deletion exists but requires review, logging, and approval
- Legal compliance — Retention periods and legal holds prevent accidental deletion of required data
Before You Start
- Get access to the codebase (required for this section)
- Identify the ORM/database layer in use (Prisma, TypeORM, Sequelize, Drizzle, raw SQL)
- Identify critical tables; ask the user if it is not obvious (users, orders, payments, subscriptions, invoices)
Soft Delete Implementation
Critical business data uses soft deletes (a deleted_at column) instead of hard DELETE operations
“What happens when a user 'deletes' their account?”
Queries automatically filter out soft-deleted records via an ORM feature or global middleware; an escape hatch exists for admin/audit use
“Can deleted records leak into API responses?”
Data Cleanup
Process exists (automated or manual) to periodically review soft-deleted records for permanent deletion
“How much deleted data is silently accumulating right now?”
Capability exists to permanently purge reviewed soft-deleted data; a retention period is defined; purges are auditable
“Who owns the decision to permanently purge data?”
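The following is an added example, not code from the original guide or from any of the ORMs it lists. It models both checklist areas above in one in-memory repository: soft deletes via a deleted_at timestamp, default filtering with a separate escape hatch for admin/audit reads, and a gated purge that enforces a retention period, skips records under legal hold, requires a named approver, and writes an audit event for every decision. The class and field names (SoftDeleteRepository, deletedAt, legalHold, purgeExpired) and the sample rows are assumptions constructed for the example; a real project would back the same operations with its ORM's filtering middleware and a database table.

```typescript
// Added example (not from the original guide): an in-memory model of the
// soft-delete + retention pattern. Names such as SoftDeleteRepository,
// deletedAt, legalHold and purgeExpired are assumptions for illustration.

type Row = {
  id: string;
  email: string;
  deletedAt: Date | null;   // null = live record; a Date = soft-deleted at that time
  legalHold: boolean;       // true = must never be purged, regardless of age
};

type AuditEvent = {
  at: Date;
  action: 'soft_delete' | 'restore' | 'hard_delete' | 'purge_skipped';
  id: string;
  actor: string;
  reason: string;
};

const DAY_MS = 24 * 60 * 60 * 1000;

class SoftDeleteRepository {
  private rows = new Map<string, Row>();
  readonly audit: AuditEvent[] = [];

  constructor(rows: Row[]) {
    for (const r of rows) this.rows.set(r.id, { ...r });
  }

  // Default read path: soft-deleted rows are invisible to application code,
  // so they cannot leak into ordinary API responses.
  find(): Row[] {
    return [...this.rows.values()].filter(r => r.deletedAt === null);
  }

  // Escape hatch for admin/audit tooling only; callers should be separately authorized.
  findWithDeleted(): Row[] {
    return [...this.rows.values()];
  }

  softDelete(id: string, actor: string, now: Date): boolean {
    const row = this.rows.get(id);
    if (!row || row.deletedAt !== null) return false;
    row.deletedAt = now;
    this.audit.push({ at: now, action: 'soft_delete', id, actor, reason: 'user request' });
    return true;
  }

  restore(id: string, actor: string, now: Date): boolean {
    const row = this.rows.get(id);
    if (!row || row.deletedAt === null) return false;
    row.deletedAt = null;
    this.audit.push({ at: now, action: 'restore', id, actor, reason: 'undo' });
    return true;
  }

  // Gated hard delete: purges only rows soft-deleted longer than retentionDays,
  // skips rows under legal hold, refuses to run without an approver, and logs
  // every decision so the purge itself is auditable.
  purgeExpired(now: Date, retentionDays: number, approver: string): { purged: string[]; held: string[] } {
    if (!approver) throw new Error('purge requires a named approver');
    const cutoff = now.getTime() - retentionDays * DAY_MS;
    const purged: string[] = [];
    const held: string[] = [];
    for (const row of this.rows.values()) {
      if (row.deletedAt === null || row.deletedAt.getTime() > cutoff) continue; // live or still in retention
      if (row.legalHold) {
        held.push(row.id);
        this.audit.push({ at: now, action: 'purge_skipped', id: row.id, actor: approver, reason: 'legal hold' });
        continue;
      }
      purged.push(row.id);
      this.audit.push({ at: now, action: 'hard_delete', id: row.id, actor: approver, reason: `retention ${retentionDays}d exceeded` });
    }
    for (const id of purged) this.rows.delete(id);
    return { purged, held };
  }
}

// Constructed sample data and a walkthrough of the lifecycle:
// two users delete their accounts, one is under legal hold, then a 90-day purge runs.
function demo() {
  const t0 = new Date('2024-01-01T00:00:00Z');
  const repo = new SoftDeleteRepository([
    { id: 'u1', email: 'a@example.com', deletedAt: null, legalHold: false },
    { id: 'u2', email: 'b@example.com', deletedAt: null, legalHold: true },
    { id: 'u3', email: 'c@example.com', deletedAt: null, legalHold: false },
  ]);
  repo.softDelete('u1', 'u1', t0);
  repo.softDelete('u2', 'u2', t0);
  const visible = repo.find().map(r => r.id);      // only the live user is visible
  const all = repo.findWithDeleted().length;        // audit view still sees all three
  const t100 = new Date(t0.getTime() + 100 * DAY_MS);
  const result = repo.purgeExpired(t100, 90, 'dpo@example.com');
  return { visible, all, result, remaining: repo.findWithDeleted().map(r => r.id), auditEvents: repo.audit.length };
}

console.log(JSON.stringify(demo()));
```

When auditing a real codebase, the questions to map onto this model are whether the default query path has the equivalent of find() rather than findWithDeleted(), whether the escape hatch is gated by its own authorization check, and whether the purge job records who approved it and which records it skipped and why.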