Qeet Docs
Platform

GDPR & retention

Right-to-erasure (async purge with PII redaction, audit survives), data export, and per-tenant retention auto-purge.

Qeet ID has built-in support for the data-subject rights and retention controls GDPR expects: erasure, export, and retention.

Right to erasure (Article 17)

Erasure asynchronously purges a user's personal data. PII is redacted, but the audit record of the deletion survives (without PII) — so you keep a provable compliance trail without retaining personal data.

POST/v1/gdpr/purgeRequest an erasure
GET/v1/gdpr/purge/{id}Check purge status
POST/v1/users/{id}/purgePurge a specific user
curl -X POST https://api.qeetid.com/v1/gdpr/purge \
  -H "Authorization: ApiKey $QEETID_API_KEY" \
  -d '{"user_id":"'$USER'"}'

Erasure is irreversible

Purge removes personal data permanently. It's distinct from a soft-delete — a soft-deleted user can be restored from the recycle bin; a purged user cannot.

Retention

Each tenant configures how long data is retained; an auto-purge enforces it (with a preview and a manual run for ad-hoc cleanup).

GET/v1/tenants/{tenantID}/retentionRead retention policy
GET/v1/tenants/{tenantID}/retention/previewPreview what would be purged
POST/v1/tenants/{tenantID}/retention/runRun retention now

Retention auto-purge respects the audit hash chain — purging old data doesn't invalidate the integrity proof for what remains.

Audit

An append-only, SHA-256 hash-chained audit log with a /verify integrity endpoint — provable tamper-evidence most CIAM platforms don't offer.

Secrets vault

Per-tenant AES-256-GCM secret storage, with the encryption key sourced via a pluggable KeyProvider (AWS KMS drops in).

On this page

Right to erasure (Article 17)Retention