Kommit deletes the data you tell us to delete, when you tell us to delete it. There is no soft-archive layer and we do not retain customer data "for compliance reasons" beyond what's described below.
Per-object deletion
You can delete most objects from the Kommit dashboard directly:
- —Agents: removing an agent cascades through its config revisions, runtime state, and any related evidence pack references. The agent's history in the audit log is preserved — see "Why the audit log is different" below.
- —Documents and uploaded files: removed from the application DB and from object storage. Object-storage soft-delete is disabled on our buckets, so the underlying blob is overwritten on the next compaction (typically within 24 hours).
- —Members: removing a member revokes their session immediately and removes their membership row. Their authored actions remain in the audit log (immutable per below) but the member's profile is no longer linked.
Whole-organization deletion
A hard org-delete from the Settings page cascades through every
tenant-owned table — workflows, decision events, projects, support
transcripts, audit logs, and embedding stores — via
ON DELETE CASCADE foreign keys to the organizations row.
Nothing is archived under a different name; the rows are gone from
Postgres on commit.
Backups containing the deleted data are aged out according to the backup retention policy below.
Backup retention
| Backup type | Retention | Why |
|---|---|---|
| Postgres daily snapshot | 30 days | Standard operational rollback window. |
| Postgres point-in-time WAL | 7 days | Allows recovery to any second in the last week. |
| Object storage snapshot | 30 days | Aligned with the DB snapshot retention. |
A deleted org's rows persist in the most recent snapshots for the
retention window above and then age out automatically. If you have
a regulatory requirement to prove deletion within a tighter
window than 30 days, we can issue an attestation letter — contact
security@getkommit.ai.
Why the audit log is different
The hash-chained audit log is the one surface where customer data is not deletable on request. Editing or removing past audit-log entries would defeat the entire point of a tamper-evident trail — auditors couldn't trust it.
If you delete the organization, the audit log goes with the cascade. But individual entries are not editable or removable from the dashboard or the API.
See [#hash-chained-audit-log] for the integrity model and [#exporting-audit-logs] for how to pull a copy out before deletion.
GDPR / data-subject requests
If a data subject under GDPR (or a similar regime) asks you to
delete data Kommit holds about them, you can perform the deletion
yourself for any object except the audit log. For the audit log,
contact security@getkommit.ai and we will work through the
regulator-acceptable approaches with you. See
[#gdpr-support] for the broader posture.