Documentation Index
Fetch the complete documentation index at: https://grantmaster.dev/llms.txt
Use this file to discover all available pages before exploring further.
Data Retention and Offboarding
This document defines the lifecycle of tenant data, from active usage to permanent deletion (the “Right to be Forgotten”).🏗️ Purge Lifecycle Visual
📅 Retention Strategy
GrantMaster operates on a “Minimum Necessary” data retention policy.| Data Type | Retention Period | Rationale |
|---|---|---|
| Active Pursuit Data | Indefinite | Required for ongoing grant management. |
| User Activity Logs | 1 Year | Security auditing and troubleshooting. |
| Soft-Deleted Files | 30 Days | Safety net for accidental deletion. |
| Stripe Billing Data | 7 Years | Legal and tax compliance. |
🚪 Tenant Offboarding Process
When a tenant cancels their subscription, the system initiates the Permanent Purge sequence.Stage 1: Suspension (Day 1-30)
- Access to the platform is revoked.
- The
tenants/{id}document is markedstatus: 'suspended'. - Data is still retrievable by SuperAdmins in case of a reactive subscription.
Stage 2: Soft Deletion (Day 31-60)
- The
tenants/{id}document is markedstatus: 'deleted'. - The tenant is hidden from all admin lists.
- Background workers begin unlinking cross-tenant relations.
Stage 3: Hard Deletion (Day 61+)
- Firestore Shredding: The
shredderfunction iterates through all collections wheretenantId == {id}and deletes all documents. - Storage Wipe: The
deleteTenantAssetsfunction purges the{tenantId}/folder in Cloud Storage. - Encryption Key Rotation: The tenant-specific encryption key in GCP Secret Manager is scheduled for deletion.
🧹 Manual “Right to be Forgotten” (RTF)
Users may request individual data deletion under GDPR. SuperAdmins must execute thertf-user-cleanup script:
- Redacts the user’s name and email in all
EffortsandComments. - Deletes the
users/{id}document. - Anonymizes the user in analytics logs.