RET-003 recommended Data Cleanup

Periodic review of old soft-deleted data

Process exists (automated or manual) to periodically review soft-deleted records for permanent deletion

Question to ask

"How much deleted data is silently accumulating right now?"

Verification guide

Severity: Recommended

Soft-deleted data shouldn't accumulate forever. There should be a process (automated or manual) to periodically review old deleted records and decide whether to permanently purge them.

Check automatically:

  1. Look for scheduled cleanup jobs:

```bash
# Cron job definitions
grep -rE "@Cron|cron\s*:|schedule.*delete|cleanup.*schedule" --include="*.ts" --include="*.yml" --include="*.yaml" src/ 2>/dev/null

# Node-cron or similar schedulers
grep -rE "node-cron|agenda|bull.*cleanup|bree" package.json 2>/dev/null

# Background job processors
grep -rE "queue.*retention|job.*cleanup|worker.*purge|worker.*delete" --include="*.ts" src/ 2>/dev/null
```

  2. Look for data cleanup scripts:

```bash
# Scripts directory
ls -la scripts/*delete* scripts/*cleanup* scripts/*purge* scripts/*retention* 2>/dev/null

# Package.json scripts
grep -E "cleanup|purge|retention|archive" package.json 2>/dev/null
```

  3. Look for admin interfaces for data management:

```bash
# Admin routes for deleted/archived data
grep -rE "deleted|archived|purge|retention" --include="*.ts" routes/ api/ app/ 2>/dev/null | grep -iE "admin|internal"

# Admin dashboard components
grep -rE "DeletedRecords|ArchivedData|DataRetention|PurgePanel" --include="*.tsx" --include="*.ts" src/ 2>/dev/null
```

  4. Check for retention period configuration:

```bash
# Environment variables or config
grep -rE "RETENTION|retention.*days|DELETE_AFTER|PURGE_AFTER" --include="*.ts" --include="*.env*" --include="*.yml" 2>/dev/null
```

Ask user (if no automated process found):

  • "Do you have a manual process for reviewing soft-deleted data?"
  • "How often do you review deleted records for permanent deletion?"
  • "Who is responsible for data retention decisions?"

Cross-reference with:

  • RET-004 (hard delete capability)
  • RET-005 (legal holds may prevent deletion)

Pass criteria:

  • Documented process for reviewing soft-deleted data (automated or manual)
  • Process runs periodically (quarterly, annually, etc.)
  • Someone is accountable for this review

Fail criteria:

  • No process exists - deleted data accumulates indefinitely
  • "We'll deal with it later" without a concrete plan

Evidence to capture:

  • Retention review mechanism (scheduled job, script, manual process)
  • Review frequency
  • Owner/accountable party
  • Retention period (if defined)
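
The kind of review pass this item looks for, as an added example that is not code from the audited project: it sorts soft-deleted rows into purge candidates, rows blocked by a legal hold (RET-005) and rows still inside the retention window, and reports how much has accumulated. The record shape (`deletedAt`, `legalHold`), the function name `reviewSoftDeleted` and the 90-day default are assumptions.

```typescript
// Added example, not code from the audited project. Field names (deletedAt,
// legalHold) and the 90-day default retention period are assumptions.
interface SoftDeletedRecord {
  id: string;
  table: string;
  deletedAt: Date;
  legalHold: boolean; // RET-005: a held record is never a purge candidate
}

interface ReviewReport {
  purgeCandidates: string[]; // at or past retention, no hold (hard delete per RET-004)
  blockedByHold: string[];   // at or past retention but under legal hold
  withinRetention: string[]; // still inside the retention window
  oldestAgeDays: number;     // how long the oldest soft-deleted row has been sitting
  perTable: Record<string, number>; // accumulation per table
}

const DAY_MS = 24 * 60 * 60 * 1000;

function reviewSoftDeleted(records: SoftDeletedRecord[], now: Date, retentionDays = 90): ReviewReport {
  if (!isFinite(retentionDays) || retentionDays < 0) {
    throw new RangeError("retentionDays must be a non-negative number");
  }
  const report: ReviewReport = {
    purgeCandidates: [], blockedByHold: [], withinRetention: [], oldestAgeDays: 0, perTable: {},
  };
  for (const rec of records) {
    const ageDays = Math.floor((now.getTime() - rec.deletedAt.getTime()) / DAY_MS);
    if (isNaN(ageDays)) throw new TypeError("invalid deletedAt on record " + rec.id);
    report.oldestAgeDays = Math.max(report.oldestAgeDays, ageDays);
    report.perTable[rec.table] = (report.perTable[rec.table] || 0) + 1;
    if (ageDays < retentionDays) report.withinRetention.push(rec.id);
    else if (rec.legalHold) report.blockedByHold.push(rec.id);
    else report.purgeCandidates.push(rec.id);
  }
  return report;
}

// Constructed sample rows; the review date is fixed so the result is reproducible.
const NOW = new Date("2024-06-30T00:00:00Z");
const SAMPLE: SoftDeletedRecord[] = [
  { id: "u-1", table: "users", deletedAt: new Date("2023-01-15T00:00:00Z"), legalHold: false },
  { id: "u-2", table: "users", deletedAt: new Date("2023-02-01T00:00:00Z"), legalHold: true },
  { id: "o-7", table: "orders", deletedAt: new Date("2024-06-01T00:00:00Z"), legalHold: false },
  { id: "o-8", table: "orders", deletedAt: new Date("2024-04-01T00:00:00Z"), legalHold: false },
];
console.log(JSON.stringify(reviewSoftDeleted(SAMPLE, NOW), null, 2));
```

The report covers the mechanism and retention-period evidence items in one place; the function only classifies, so the purge itself stays a separate, accountable decision.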

Section

24. Data Retention

Data Management