GDPR Art 17 · DSAR · Right to Erasure · Sub-Processor Fan-Out · Deep Prototype

RtbfFlow — GDPR Art 17 Erasure Fan-Out

One deletion request, 14 downstream systems. Each system has its own deletion API, retention exception, and SLA. Renders the actual fan-out — Postgres CASCADE, Stripe redaction, Intercom permanent-delete, Segment Regulations API, Sentry tag scrub, Datadog retention wait, S3 versioned delete, Auth0 invalidation, backup rotation, Twilio gap.

What it is

The shape behind GDPR Art 17 erasure automation (Transcend, DataGrail, OneTrust DSAR). The 30-day Art 12(3) clock starts the moment a request lands. The work is the fan-out — every downstream system has its own API, its own retention exception, and its own gap.

What’s in it

  • One real DSAR (DSAR-2025-09142) for a.murphy@gmail.com. Received 2025-09-12. 12 days remaining on the Art 12(3) clock.
  • 14 downstream systems each with their own erasure path:
    • app-postgres — DELETE … CASCADE in a transaction with a no-PII audit row
    • analytics-snowflake — DELETE FROM events_raw (6h SLA — micro-partition rewrite)
    • stripe-payments — customer redacted; transaction records retained 7y (Art 17(3)(b) — 5AMLD)
    • intercom-cs — permanent-delete after 14-day undo window
    • segment-cdp — Regulations API fans out to 8 destinations (72h SLA)
    • sendgrid — delete + hash to global suppression list
    • sentry — manual tag/event scrub (no native subject-delete)
    • datadog — 14-day retention waits it out (no subject-delete API)
    • s3-uploads — versioned delete with bypass-governance-retention
    • github-issues — issues retained with email redacted (Art 17(3)(d) — archive)
    • auth0 — user delete + JWT blacklist for active sessions
    • backup-warm — 7-day natural rotation completes it
    • backup-cold — Glacier exempt under 5AMLD; restore-and-replay policy
    • twilio-sms — known gap; manual support ticket TT-887421
  • Real operations — actual API verbs (POST /v1/workspaces/.../regulations), real auth headers, real evidence trails.
  • Exception classes mapped to Art 17(3) — legal obligation (3)(b), legal claims defense (3)(e), public-interest archive (3)(d), free-expression (3)(a).
  • Progress bar + per-system status: erased / partial / failed / exempt / pending.

Why this shape

The hardest thing about Art 17 is not the legal text. It is the operational fan-out — 14 systems × 5 different deletion semantics × retention exceptions × sub-processor SLAs. RtbfFlow prototypes that shape directly. Every row shows the actual API call, the actual evidence trail, and the actual regulatory citation.
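
An added example (not RtbfFlow's own code) of the roll-up this fan-out implies: given per-system statuses, decide whether the DSAR can be closed and which systems threaten the 30-day clock. The function names, the per-system statuses and `etaDays` values in `SAMPLE`, and the rule that a `partial` or `exempt` result needs a cited Art 17(3) class are assumptions; the dates are the ones given for the request above.

```javascript
// Added example: roll-up of per-system erasure results for one DSAR.
// Status names and Art 17(3) classes come from the page; the per-system
// statuses and etaDays values in SAMPLE are constructed for illustration.
const DAY_MS = 24 * 60 * 60 * 1000;
const ART_17_3 = new Set(["17(3)(a)", "17(3)(b)", "17(3)(d)", "17(3)(e)"]);

// Days left on the clock (30 days, as the page states it for Art 12(3)).
function daysRemaining(receivedIso, nowIso, clockDays = 30) {
  const due = Date.parse(receivedIso) + clockDays * DAY_MS;
  return Math.ceil((due - Date.parse(nowIso)) / DAY_MS);
}

// Assumed policy: "erased" is done; "partial"/"exempt" is done only with a
// cited Art 17(3) class; "pending"/"failed" (or unknown) block closure.
function rollUp(systems, receivedIso, nowIso) {
  const remaining = daysRemaining(receivedIso, nowIso);
  const r = { remaining, done: [], uncited: [], blocking: [], lateRisk: [] };
  for (const s of systems) {
    if (s.status === "erased") {
      r.done.push(s.name);
    } else if (s.status === "partial" || s.status === "exempt") {
      (ART_17_3.has(s.exception) ? r.done : r.uncited).push(s.name);
    } else {
      r.blocking.push(s.name);
      // A failure, or a wait longer than the remaining clock, needs escalation.
      const eta = s.status === "failed" ? Infinity : (s.etaDays ?? Infinity);
      if (eta > remaining) r.lateRisk.push(s.name);
    }
  }
  r.closable = r.blocking.length === 0 && r.uncited.length === 0;
  return r;
}

// Constructed sample: a subset of the 14 systems with assumed statuses.
const SAMPLE = [
  { name: "app-postgres", status: "erased" },
  { name: "stripe-payments", status: "partial", exception: "17(3)(b)" },
  { name: "github-issues", status: "partial", exception: "17(3)(d)" },
  { name: "backup-cold", status: "exempt", exception: "17(3)(b)" },
  { name: "sentry", status: "partial" }, // no citation recorded
  { name: "intercom-cs", status: "pending", etaDays: 14 },
  { name: "backup-warm", status: "pending", etaDays: 7 },
  { name: "twilio-sms", status: "failed" },
];

console.log(rollUp(SAMPLE, "2025-09-12", "2025-09-30"));
```

With these inputs the request is not closable: a wait longer than the 12 days left is flagged as a deadline risk alongside the failed system, and the partial result without a citation is held back as unevidenced.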

How it ships

Single HTML file, ~24KB. Zero dependencies. 14 systems + per-system code snippets + Art 12(3) clock in 240 lines of vanilla JavaScript.