Ask HN: Should I let clients delete their data?
For a SAAS product i'm building I was wondering how to handle data deletion. When a user clicks to delete a record, should I actually remove that record from the database, or should I flag it for deletion, so that the record no longer shows, but it is retained.
The reason I thought of doing this is in case a support request coming through along the lines of "i deleted this by mistake, please help". In this case, changing a field in the table would be much easier than restoring a backup and then writing a script to put the data back into the live database.
Is this a good approach? An alternative to having a delete flag would be moving records to a deletion table, but that seems more work. Obviously, if a client doesn't request a deleted record to be restored after a certain period of time, the record can actually be deleted (via an automated process).
9 comments
[ 2.4 ms ] story [ 32.7 ms ] threadBut it is also important to treat deletion carefully. Depending on the data, there might be a need for an audit trail for deleting data (which mostly would mean that you only mark it as deleted, so you can later see who deleted it and what was deleted).
You might also allow normal maintainers to mark things as deleted, and then only allow specific access levels at the individual customer to see the deleted data. Everything should be accessible by the customer.
I suggest that you think carefully before requiring yourself or anyone in your support to be responsible for data maintenance. This opens up for a lot of extra work, and confusion about who has access to the data as part of their daily work.
Hmm...even better might be allowing the user to establish their own deletion policy. And establishing policies for the SAAS company regarding recovery and recovery, if it is available, is another service that the SAAS company could charge money for...though I am probably assuming a B2B model.
Anyway, my primary recommendations are:
1. Be clear what the company is actually doing.
2. If the user has control of the data policy, then let them tune the policy.
Good luck.
Essentially it doesn't delete but gives the impression to the user that it deletes. I like this idea because it really does guard against mistakes.
I'm not sure if you have an ethical/moral concern with retaining data that a user thinks is deleted but that's another thing altogether (Personally, I don't.)
Soft Deletes are pretty standard in development and I would recommend going that route unless sensitive data is involved and there is a reason to worry about data being retained as a bad thing.
For Rails: https://github.com/rubysherpas/paranoia
For Laravel: https://laravel.com/docs/5.3/eloquent#soft-deleting