Data Deletion

Deletion is not a feature request. It is a structural property enforced by system design.

Deletion Principles

Immediate

User-initiated deletion takes effect without delay. Deletion is not queued, scheduled, or subject to grace periods.

Irreversible

Deleted data cannot be recovered. This is intentional. Recovery mechanisms are liabilities.

Verifiable

Users can verify that deletion has occurred. Verification does not require trust in operator claims.

Complete

Deletion includes all copies: primary storage, backups, caches, and derived data. No shadow copies, no retained metadata.

Implementation

Cryptographic Deletion

Where data is encrypted, deletion of the encryption key renders data unrecoverable without destroying storage media.

Backup Expiration

Backups have defined lifetimes. Backup retention does not exceed operational necessity. Old backups are automatically destroyed.

No Compliance Theater

Deletion requests are not logged for compliance purposes. The act of requesting deletion is itself potentially sensitive information.

What We Do Not Keep

• Records of deleted data
• Logs of deletion requests
• Metadata about deleted accounts
• Soft-deleted or archived copies

The only way to guarantee data security is to not have the data.