Data deletion - Right to be forgotten

🔐 Data Deletion Request Flow

This diagram outlines the flow followed when a user submits a data deletion request within the Zyphe vault system. It ensures compliance with data privacy regulations while honoring data retention obligations of businesses.


🧭 Flow Overview

  • User-Initiated: The process starts when a user submits a data deletion request.

  • Business-Aware Deletion: The system checks if the data is currently shared with any businesses and takes action based on retention policies.

  • Safe Cleanup: Ensures that vault data is only deleted once all business obligations are cleared.


🖼️ Diagram


🧩 Step-by-Step Breakdown

1. Delete Request Initiated

  • Triggered when the user asks to delete personal data.

2. Check: Is Data Shared with a Business?

  • No: Data is immediately deleted from the user’s vault.

  • Yes: The system proceeds to identify all businesses with access.

3. List All Businesses With Data Access

  • System retrieves a list of businesses currently accessing the user’s data.

4. Check: Has Each Business’s Retention Period Ended?

  • Yes: The system revokes access from the business.

  • No: The data is copied to temporary storage to preserve it until retention ends, and access is revoked from the original vault.

5. Check: Is Data Shared With Other Businesses?

  • No: Once access has been revoked from every business and no other business still holds the data, the system deletes the data from the vault.

  • Yes: The system waits for all other businesses’ retention policies to expire before final deletion.
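The decision logic of steps 1 to 5 above, written out as a small worked example. This is added illustration code, not part of Zyphe's implementation: the record and share types, the `process_deletion_request` and `purge_expired_temp_copies` functions, and the (user, business) keyed temporary store are all assumptions made here. It also takes one reading of step 4 and the Temporary Storage note: once a copy for a business still inside its retention period exists in temporary storage, the vault copy itself is removed, and "final deletion" means purging the last temporary copy when the longest remaining retention period has passed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# --- Minimal model of a vault record and its business shares (constructed) ---

@dataclass
class BusinessShare:
    business_id: str
    retention_ends: date            # last day the business may retain the data

@dataclass
class VaultRecord:
    user_id: str
    data: Optional[bytes]           # None once deleted from the vault
    shares: list[BusinessShare] = field(default_factory=list)

@dataclass
class DeletionOutcome:
    deleted_from_vault: bool
    revoked: list[str]                    # businesses whose retention had already ended
    held_in_temp_storage: list[str]       # businesses still inside their retention period
    final_deletion_after: Optional[date]  # date after which the last temporary copy is purged


def retention_ended(share: BusinessShare, today: date) -> bool:
    """Step 4 check: a retention period has ended once today is past its last day."""
    return today > share.retention_ends


def process_deletion_request(record: VaultRecord, today: date, temp_storage: dict) -> DeletionOutcome:
    """Steps 1-5 of the flow.

    temp_storage is the assumed holding area: (user_id, business_id) -> (data, retention_ends).
    """
    # Step 2: not shared with any business -> delete from the user's vault immediately.
    if not record.shares:
        record.data = None
        return DeletionOutcome(True, [], [], None)

    # Step 3: enumerate every business with access; step 4: decide per business.
    revoked, held = [], []
    for share in record.shares:
        if retention_ended(share, today):
            revoked.append(share.business_id)          # step 4 "Yes": revoke access only
        else:
            # step 4 "No": preserve a copy for the remaining retention period
            temp_storage[(record.user_id, share.business_id)] = (record.data, share.retention_ends)
            held.append(share.business_id)

    # Access from the original vault is revoked in both branches.
    record.shares = []
    # Step 5: every remaining obligation is now served by a temporary copy, so the
    # vault copy is deleted. Final deletion waits for the longest retention period.
    record.data = None
    last_retention = max(
        (temp_storage[(record.user_id, b)][1] for b in held), default=None
    )
    return DeletionOutcome(True, revoked, held, last_retention)


def purge_expired_temp_copies(temp_storage: dict, today: date) -> list:
    """Step 5 "Yes" branch: purge each temporary copy once its retention period has ended.

    Returns the keys that were purged; the user's data is fully gone when none remain.
    """
    expired = [key for key, (_, ends) in temp_storage.items() if today > ends]
    for key in expired:
        del temp_storage[key]
    return expired


if __name__ == "__main__":
    # Constructed sample: one share already past retention, one still active.
    store = {}
    record = VaultRecord("user-1", b"<personal data>", [
        BusinessShare("acme", date(2024, 1, 31)),
        BusinessShare("bank", date(2024, 12, 31)),
    ])
    print(process_deletion_request(record, date(2024, 6, 1), store))
    print(purge_expired_temp_copies(store, date(2025, 1, 1)))
```

The split into a request handler and a separate purge routine mirrors the two halves of the flow: the request is resolved in one pass, while step 5's "wait for retention to expire" is a scheduled job that runs the purge periodically against the holding area.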


🔄 Special Considerations

  • 🔐 Temporary Storage: Used as a holding area for data still under retention obligation but no longer actively shared.

  • ⏱️ Retention-Aware: Ensures businesses retain data only for as long as permitted.

  • Privacy-First: Data is fully deleted once no further obligations exist.
