This article is the practical companion to our Privacy Policy; the policy is the legal source of truth.
Workspace data — the 30 / 60 / 90 cascade
When you cancel or soft-delete a workspace, your data follows a cascade with three stages before it is physically removed:
- Days 0–30 — Deleted (soft). Workspace is read-only. You can restore everything by clicking Restore workspace.
- Days 30–90 — Archived. Workspace is read-only and exportable. You cannot restore, but you can still pull a ZIP via data export.
- Day 90 — Hard-deleted. Projects, compilations, R2 artifacts, audit log entries (after archival to cold tier described below), BYOK secrets, and cache entries are physically removed.
- Days 90–120 — Tombstone. The workspace row itself is retained for 30 more days to absorb late-arriving vendor webhooks (Stripe occasionally delivers events days after a billing event). After that, the tombstone is also physically removed.
Audit log — 90-day hot, 24-month cold
- For 90 days after each event, audit log entries are in our hot tier and queryable in-product (Settings → Audit log).
- After 90 days, entries are archived to Cloudflare R2 in Parquet format and retained there for 24 months. They remain accessible to operators for forensics.
- After 24 months in cold storage, they are permanently deleted.
BYOK key material
- Stored encrypted at rest in Supabase Vault, scoped per workspace.
- Decrypted into per-request memory only; the in-memory buffer is zeroed using sodium-native zeroization on release.
- Revoked from the vault immediately on any non-Active workspace transition (Paused, Cancelled, Deleted, Archived, Hard-deleted). You can re-add keys when an eligible workspace is restored.
Backups
Our database backup strategy uses point-in-time recovery on the Supabase Pro tier. The PITR window applies to the entire platform; in the unlikely event of restoration, we restore to a prior point in time and individual workspace state aligns to that point. Backups are automatically purged on the same schedule as the underlying data.
What we never retain past need
- The full text of your BYOK API keys (we keep only the encrypted ciphertext + last 4 characters for display).
- Full payment-card numbers (Stripe is the system of record).
Stripe customer records (kept beyond workspace deletion)
Stripe customer records are retained beyond workspace deletion for as long as required by tax law. Subscription billing stops when the cascade completes; the Stripe record itself persists per Stripe's own retention.
Requesting immediate deletion
If you need immediate deletion in advance of the cascade — for example, to satisfy a GDPR Article 17 erasure request — email privacy@isokron.ai with your workspace slug. We commit to a 30-day SLA for privacy-related requests (Part 3 §8.4 of our architecture).
Paired with the SR-RETENTION-001 customer-support flow.