ErasureDocs
Guides

Handle a deletion request

Create, verify, start, and complete a Rights deletion case.

Handle a deletion request

Source: app_docs/guide/rights.md, app_docs/api.md, app_docs/guide/faq.md.

Goal

A Rights case that moves through verification and execution with a visible timeline (Activity) and optional Evidence export.

Lifecycle

         ┌─ cancel ─────────────────────────────┐
         │                                      ▼
OPEN ────┼── start ──► IN_PROGRESS ──► COMPLETED
(verify) │                  │
         │                  └── fail ──► FAILED

         └── (verification FAILED may remain OPEN)
FieldValues
StatusOPEN, IN_PROGRESS, COMPLETED, FAILED, CANCELLED
VerificationUNVERIFIED, VERIFIED, FAILED

Start requires:

  1. Verification VERIFIED
  2. Start readiness — enabled Systems; each SQL system has ≥1 DELETE entity with identifiers

Prerequisites

  • At least one enabled System
  • SQL systems: Data Map with DELETE entities + identifiers
  • Worker running (bun run worker for self-host; cloud must run a worker process)
  • Operational readiness not blocked

Without a worker, jobs stay PENDING.

Execution path

Start request
  → enqueue Job (rights.delete)
  → Worker claims job
  → Fulfill each enabled System using Data Map plans (SQL) or connector config (HTTP/Webhook)
  → COMPLETED or FAILED
  → Evidence assembles from Activity events
OutcomeMeaning
CompletedFulfilment path finished successfully (systems reported OK)
FailedPermanent or exhausted failure—see timeline
PartialSome systems OK, some failed—timeline and Evidence should show honestly
RetryRetryable errors requeue Job with backoff (runAfter)

SQL connectors do not invent tables. Deletes use Data Map entities.
HTTP/Webhook run from connector config without a map.

Operator path

Workflow

  1. Open Operations (#/rights).
  2. Create a case: subject needs email and/or externalId (API: POST …/cases).
  3. Ensure verification is VERIFIED (operator verification is trust-the-operator—not OTP proof).
  4. Confirm start readiness.
  5. Start the case → job enqueued.
  6. Watch status: IN_PROGRESS → COMPLETED or FAILED.
  7. Inspect Activity timeline for system-level outcomes.
  8. Open Evidence when needed (#/rights/:caseId/evidence).

Evidence payloads can show verifiedVia: otp for intake cases.

Public intake path

POST …/intake  →  email OTP  →  POST …/verify  →  request created VERIFIED
  • Case is not created until OTP succeeds.
  • OTP stored hashed; single-use; attempt lockout; rate limited.
  • Production: email via Resend (RESEND_API_KEY); never return OTP in JSON.
  • demoOtp only when not production or RIGHTS_INTAKE_DEMO_OTP=true.

Public routes:

  • GET /api/rights/v1/orgs/:orgSlug
  • POST /api/rights/v1/orgs/:orgSlug/intake
  • POST /api/rights/v1/orgs/:orgSlug/verify

Failure modes

SymptomCheck
Cannot startVerification, readiness, maps
Stuck pending / IN_PROGRESSWorker process, same DATABASE_URL as app
Failed caseTimeline + connector health
No rows deletedSKIP action, identifier mismatch, wrong table, preview COUNT was 0

FAQ notes

  • Direct SQL from the browser is intentionally not how deletion works—cases + worker + maps give verification, retries, timelines, and Evidence.
  • You can use Rights without Consent; you still need Systems (and Data Maps for SQL).

Next

Generate evidence · Troubleshooting · Rights API