Deletion Requests
CoralLedger Comply supports a structured, auditable workflow for permanent data deletion. Users can request deletion of their data, and operators control whether that request is approved, rejected, or executed.
Accessing Deletion Requests
Navigate to Platform Ops > Data Operations > Deletion Requests. This feature requires PlatformAdmin access.
How the Workflow Works
User submits request → Operator reviews → Approved / Rejected
↓ (Approved)
30-day DPA grace period
↓
Operator executes with
typed confirmation
↓
Data permanently deleted
1. User Submits a Request
Any authenticated user can submit a deletion request from Account Settings > Privacy > Request Data Deletion:
- Select the scope of data to delete
- Provide a reason for the request
- Confirm submission
A pending request is created and the user is notified by email.
2. Operator Reviews the Request
Operators see all pending requests in the Deletion Requests queue, including:
- Requestor — Name and email of the user
- Submitted — Date and time of submission
- Scope — What data the request covers
- Reason — Reason provided by the user
- Status — Current status of the request
3. Approval or Rejection
Approving a Request
- Open the request
- Click Approve
- Add an optional operator note
- Confirm the approval
The request status changes to Approved and the 30-day DPA grace period begins. The user is notified.
Rejecting a Request
- Open the request
- Click Reject
- Enter a rejection reason (required — this is communicated to the user)
- Confirm the rejection
The request status changes to Rejected. No data is deleted.
Request Status Lifecycle
Deletion requests move through the following statuses:
| Status | Meaning |
|---|---|
| Pending | Submitted by the user; awaiting operator review |
| Verified | Request details have been verified; pending approval decision |
| Approved | Approved by an operator; 30-day DPA grace period is running |
| InProgress | Grace period has elapsed; deletion is actively being processed |
| Completed | Data has been permanently deleted |
| Rejected | Request was denied by an operator |
| Cancelled | Request was withdrawn before execution |
The 30-day grace period is required under the Data Protection Act (DPA). During this window, the user can contact support to withdraw their request. Execution is blocked until the grace period expires.
Executing a Deletion
After the 30-day grace period expires, an operator can execute the deletion:
- Open the approved request
- Click Execute Deletion
- A confirmation dialog appears explaining what will be permanently deleted
- Type EXECUTE DELETE NOW (exact text, case-sensitive) in the confirmation box
- Click Confirm Execution
Data deletion is permanent and cannot be undone. All associated records and attachments are destroyed. Audit trail entries remain immutable, but may display redacted or anonymized field values after deletion. Ensure you have exported any data required for legal or compliance purposes before executing.
The request status changes to Completed and a final audit entry is created.
Request History
All deletion requests — regardless of outcome — are retained in the request history table. You can filter by:
- Status — Pending, Verified, Approved, InProgress, Completed, Rejected, Cancelled
- Date range — Submission date
- Requestor — Search by name or email
Audit Trail
Every action in the deletion request workflow is recorded in the Audit Trail, including:
- Request submission (with requestor IP)
- Operator approval or rejection (with note)
- Execution (with typed confirmation reference)