Data Retention & Deletion

Status: Draft Author: Ryan Nel Date: 2026-05-01

Problem

There is no cascade-delete path for a meeting. Deleting a meeting record in PostgreSQL leaves behind: GCS audio chunks, the composed audio file, voice embeddings used for speaker matching, and any LLM-generated artefacts (summaries, talking points). There are no lifecycle policies for temporary objects (OPFS buffers, pre-compose chunks beyond the 24h GCS TTL). There is no GDPR-compliant "right to erasure" flow that ensures all derived data is removed. The compliance posture of the platform degrades with every recording stored.

Appetite

2–3 weeks. The scope is a delete cascade across PostgreSQL, GCS, and any embedding store, plus lifecycle policies for ephemeral objects. An audit trail for compliance verification may extend this.

Why Now

Meeting recordings contain sensitive audio data — conversations, decisions, and potentially legally protected speech. The longer recordings accumulate without a deletion mechanism, the larger the compliance surface grows. This should be in place before live recording reaches production users.