DB-006 recommended general
Soft delete pattern implemented
Data uses soft deletes (deleted_at column) rather than hard deletes. Separate service handles permanent deletion after retention period.
Question to ask
"When a user deletes their account, is it recoverable?"
Verification guide
Severity: Recommended
Check automatically:
Look for soft delete columns in Prisma schema:
grep -E "deleted_at|deletedAt|is_deleted|isDeleted" prisma/schema.prismaCheck for soft delete middleware or filters:
grep -r "deletedAt\|deleted_at\|softDelete" --include="*.ts" --include="*.js" src/Look for deletion service or job:
grep -r "hard.?delete\|permanent.?delete\|purge" --include="*.ts" --include="*.js" -i
If soft delete patterns found, ask user:
- Does a separate service handle permanent deletions?
- What is the retention period before hard delete?
If no soft delete found, ask user:
- Is hard delete intentional for this project?
- What data is being deleted and why is soft delete not used?
Pass criteria:
- Soft delete pattern in place, OR
- Documented exception with justification
Fail criteria:
- Hard deletes with no audit trail
- No documented deletion strategy
Evidence to capture:
- Soft delete column locations
- Deletion service/job if exists
- Retention policy