Skip to main content
Back to Help Center

Soft Delete & Data Recovery

30-day retention policy for deleted compliance records

Data Protection Policy: When you delete a compliance record, it enters a 30-day retention period where you can restore it. After 30 days, records are automatically purged. This protects against accidental deletions while maintaining data hygiene.

📋 Contents

1. What is Soft Delete?2. Accessing Soft-Deleted Records3. How to Restore Records4. Permanent Deletion5. Permissions & Access Control6. CCO Scenarios7. Supported Record Types8. Audit Trail9. Best Practices10. FAQ

1. What is Soft Delete?

Soft delete is a data protection mechanism where deleted records aren't immediately removed from the database. Instead, they're marked as deleted and hidden from normal views, but remain recoverable for 30 days.

How It Works

1
User deletes a record (e.g., a DPIA, RoPA entry, control test)
2
System sets `deletedAt` timestamp on the record
3
Record hidden from normal views (dashboards, exports)
4
30-day retention period begins
5
After 30 days, automated purge removes record permanently
Benefits: Protects against accidental deletions, provides 30-day recovery window, maintains audit trail, complies with data retention policies.

2. Accessing Soft-Deleted Records

Navigation Path

Dashboard → Soft Deleted

Available in: Professional, Enterprise, Enterprise Plus dashboards

Soft Delete Page Features

  • Filter by type: RoPA, DPIA, Controls, DSAR Requests, Data Breaches
  • View deletion metadata: Who deleted, when deleted
  • Restore button: One-click recovery
  • Delete forever button: Permanent removal (requires confirmation)
  • Refresh button: Reload list (in case records auto-purged)

3. How to Restore Records

Restoration Process

  1. 1
    Navigate to Soft Deleted page
    From your dashboard, click "Soft Deleted" in the navigation menu
  2. 2
    Filter by record type (optional)
    Use filter buttons to narrow down: RoPA, DPIA, Controls, DSAR, or Breaches
  3. 3
    Locate the record
    Records are sorted by deletion date (most recent first). Check title and deletion metadata.
  4. 4
    Click "Restore" button
    Green button on the right side of the record. Loading spinner appears during restoration.
  5. 5
    Confirmation & audit log
    Success toast appears. Record removed from soft-deleted list. Audit log entry created with "RESTORE" action.
  6. 6
    Verify restoration
    Navigate to the original location (e.g., RoPA Registry). Record should be visible again.
Time Limit: Records can only be restored within 30 days of deletion. After 30 days, they are permanently purged and cannot be recovered.

4. Permanent Deletion

⚠️ WARNING: Permanent deletion is irreversible

Once you permanently delete a record, it cannot be recovered by anyone, including system administrators. Use this feature only when you're 100% certain the record should be removed forever.

Permanent Deletion Process

  1. 1
    Click "Delete Forever" button (red button on record)
  2. 2
    Confirmation modal appears: "Confirm permanent deletion?"
  3. 3
    Click "Yes, Delete" to confirm (or "Cancel" to abort)
  4. 4
    Record is hard deleted from database (cannot be recovered)
  5. 5
    Audit log entry created with "DELETE_PERMANENT" action

When to Use Permanent Deletion

  • Duplicate records created by mistake
  • Test data that shouldn't be in production
  • Records containing PII that must be erased (GDPR Art. 17 - Right to Erasure)
  • Records approaching 30-day auto-purge that you want to remove immediately

5. Permissions & Access Control

RoleView Soft-DeletedRestoreDelete Forever
ADMIN✓ All records✓ Allowed✓ Allowed
CCO✓ All records✓ Allowed⚠️ With justification
DPO✓ All records✓ Allowed⚠️ For Right to Erasure
MANAGER⚠️ Own department only⚠️ With approval✗ Denied
USER✗ Denied✗ Denied✗ Denied
Note: All restore and delete actions are logged in the Organization Audit Log with user email, timestamp, and action type.

6. CCO Scenarios

📧 Scenario 1: "I accidentally deleted our primary DPIA!"

Situation:

You were cleaning up test DPIAs and accidentally deleted the production DPIA for your main product. It's referenced in compliance package exports and was approved by the DPO last month.

Solution:
  1. Navigate to Dashboard → Soft Deleted
  2. Filter by "DPIA" type
  3. Locate the record (should be at top if deleted recently)
  4. Click "Restore" button
  5. Verify it appears back in DPIA Repository
✓ Recovery Time: ~30 seconds

🗑️ Scenario 2: "We need to comply with GDPR Right to Erasure"

Situation:

An employee submitted a DSAR (Data Subject Access Request) with a Right to Erasure demand (GDPR Art. 17). You've already soft-deleted their DSAR request record, but the regulator requires proof of permanent deletion.

Solution:
  1. Navigate to Dashboard → Soft Deleted
  2. Filter by "DSAR Request" type
  3. Locate the employee's DSAR record
  4. Click "Delete Forever" button
  5. Confirm permanent deletion in modal
  6. Navigate to Org Audit Logs
  7. Filter by action: "DELETE_PERMANENT"
  8. Export CSV as proof of deletion for regulator
✓ Compliance: Audit log provides cryptographic proof of deletion timestamp

⏰ Scenario 3: "What happens after 30 days?"

Situation:

You deleted 50 test control records 31 days ago during a cleanup. Now you realize one of them was actually a production control. Can you recover it?

Answer:

No. After 30 days, records are automatically purged by the system and cannot be recovered by anyone, including system administrators. The 30-day window is absolute.

⚠️ Lesson: Review soft-deleted records weekly. Re-create the control manually from documentation/backups.

7. Supported Record Types

RoPA Records

Records of Processing Activities (GDPR Art. 30)

Database table: roPARecord

DPIAs

Data Protection Impact Assessments (GDPR Art. 35)

Database table: impactAssessment

Controls

Security and privacy control test results

Database table: control

DSAR Requests

Data Subject Access Requests (GDPR Art. 15-22)

Database table: dSARRequest

Data Breaches

Breach notification records (GDPR Art. 33-34)

Database table: dataBreach

8. Audit Trail

Every restore and permanent delete action creates an audit log entry in the Organization Audit Log. These entries are immutable and retained for 7 years for compliance purposes.

Audit Log Fields

action: "RESTORE" or "DELETE_PERMANENT"
resource: "ROPA" | "DPIA" | "CONTROL" | "DSAR_REQUEST" | "DATA_BREACH"
resourceId: UUID of the record
userId: Who performed the action
organizationId: Organization context
result: "SUCCESS" or "FAILURE"
ipAddress: Source IP address
details: Human-readable description
timestamp: ISO 8601 timestamp (UTC)

How to Access Audit Logs

  1. Navigate to Dashboard → Org Audit Logs
  2. Filter by action: "RESTORE" or "DELETE_PERMANENT"
  3. Filter by date range: last 7, 30, or 90 days
  4. Export to CSV for regulator requests

9. Best Practices

DO

  • ✓ Review soft-deleted records weekly
  • ✓ Restore records within 30-day window
  • ✓ Document reason for permanent deletions
  • ✓ Export audit logs for compliance proof
  • ✓ Train team on soft delete process
  • ✓ Use permanent delete for GDPR Art. 17 compliance

DON'T

  • ✗ Wait until day 29 to review deleted records
  • ✗ Permanently delete without confirmation
  • ✗ Delete records without business justification
  • ✗ Ignore soft-deleted records list (could have accidental deletions)
  • ✗ Share permanent delete permissions with all users
  • ✗ Forget to export audit logs for compliance packages

10. Frequently Asked Questions

Why 30 days specifically?

30 days is an industry standard that balances data protection (accidental deletion recovery) with data hygiene (not keeping deleted data forever). It aligns with most compliance frameworks including SOC 2, ISO 27001, and GDPR principles.

Can I change the 30-day retention period?

For Enterprise Plus customers: Yes, contact support to configure custom retention periods (7, 14, 60, or 90 days). For Professional/Enterprise: 30 days is fixed.

Are soft-deleted records included in exports?

No. Soft-deleted records are excluded from all dashboard views, compliance package exports, and CSV exports. They only appear in the Soft Deleted management page.

Do soft-deleted records count against my quota?

No. Soft-deleted records do not count toward your plan limits (e.g., max DPIAs, max RoPA entries). Only active (non-deleted) records count.

What happens to related records when I restore?

All related records are restored atomically. For example, restoring a DPIA also restores all associated test results, DPO approval metadata, and linked controls. This maintains referential integrity.

Can I bulk restore or bulk delete?

Not currently. Each record must be restored or permanently deleted individually. This is intentional to prevent accidental bulk actions. Enterprise Plus customers can request bulk operations via support (with additional confirmation steps).

Related Resources

Audit Logs

Query and export audit trail for soft delete actions

DPO Approvals

Workflow for restoring DPO-approved DPIAs

Health Score

How soft-deleted records affect compliance scores