Data Deletion & Retention
Admin APIs for enforcing data retention policies — delete stored token mappings and audit records after a defined retention window.
Protecto provides admin-only APIs to enforce data retention policies by deleting stored data mappings and audit records after a specified time window. All deletion operations run asynchronously and return a tracking ID.
Data deletion APIs are not available on trial accounts. A paid subscription and Namespace Admin token with metadata_change permission are required.
What can be deleted
| Data type | Description | Typical use |
|---|---|---|
| Personal Data Mappings | Stored mappings between clear text and tokens for pseudonymizable entities | Required for unmasking — delete to enforce right-to-erasure |
| Audit Records | Logs of API calls, users, payloads, and responses | Compliance, forensics, reporting — delete after retention window |
How deletion works
All deletion requests:
- Run as background jobs
- Return a
tracking_id - Can be monitored via the job status API
You can delete records older than:
- A specific date (
YYYY-MM-DD) - A duration in days (e.g.,
90for records older than 90 days)
Compliance use cases
| Regulation | Requirement | Protecto API |
|---|---|---|
| GDPR Article 17 | Right to erasure | Delete personal data mappings |
| GDPR Article 5 | Storage limitation | Schedule deletion after retention window |
| SOC 2 | Data retention controls | Background deletion with auditable tracking |
| HIPAA | Minimum necessary rule | Delete PHI token mappings after use |
Deletion is irreversible. Deleting personal data mappings removes the ability to unmask those tokens. Ensure this is intentional and aligned with your retention policy.
API reference
Was this page helpful?
Last updated 3 weeks ago
Built with Documentation.AI