Togggle Documentation
  • Togggle Presentation
  • KYC Process
  • Integration Process
    • Webhook structure
    • Custom Fields
    • Successful Payload
    • Failure Payload
  • Decentralized Storage
    • Definitions
    • Types of Storages
    • Creation of the Personal Decentralized Storage
    • New User Verification Flow
    • One Click KYC
    • Company Dashboard
    • Authority Check
    • Data Deletion
  • B2B Dashboard
  • Reusable Credentials - One Click KYC
  • Product Information
  • Frequently Asked Questions
  • On-chain verifiable Proof-of-KYC
  • Wallet creation and VC
  • Architecture and Identity Flow
    • 🛡️ KYC Verification + AML Monitoring Flow
    • Data deletion - Right to be forgotten
Powered by GitBook
On this page
  1. Architecture and Identity Flow

Data deletion - Right to be forgotten

Previous🛡️ KYC Verification + AML Monitoring Flow

Last updated 1 month ago

🔐 Data Deletion Request Flow

This diagram outlines the flow followed when a user submits a data deletion request within the Zyphe vault system. It ensures compliance with data privacy regulations while honoring data retention obligations of businesses.

🧭 Flow Overview

  • User-Initiated: The process starts when a user submits a data deletion request.

  • Business-Aware Deletion: The system checks if the data is currently shared with any businesses and takes action based on retention policies.

  • Safe Cleanup: Ensures that vault data is only deleted once all business obligations are cleared.

🖼️ Diagram

🧩 Step-by-Step Breakdown

1. Delete Request Initiated

  • Triggered when the user asks to delete personal data.

2. Check: Is Data Shared with a Business?

  • No: Data is immediately deleted from the user’s vault.

  • Yes: The system proceeds to identify all businesses with access.

3. List All Businesses With Data Access

  • System retrieves a list of businesses currently accessing the user’s data.

4. Check: Has Each Business’s Retention Period Ended?

  • Yes: The system revokes access from the business.

  • No: The data is copied to temporary storage to preserve it until retention ends, and access is revoked from the original vault.

5. Check: Is Data Shared With Other Businesses?

  • No: Once all accesses are removed, and no other businesses have data access, the system deletes the data from the vault.

  • Yes: The system waits for all other businesses’ retention policies to expire before final deletion.

🔄 Special Considerations

  • 🔐 Temporary Storage: Used as a holding area for data still under retention obligation but no longer actively shared.

  • ⏱️ Retention-Aware: Ensures businesses retain data only for as long as permitted.

  • ✅ Privacy-First: Data is fully deleted once no further obligations exist.