Skip to content
ANTE

Security

Data Deletion & Offboarding Runbook

Last updated: 2026-06-22

← All security documents

Owner: Multibook, Inc. · Version 1.0 · Reviewed annually.

Commitment

On termination of the service, the customer’s data is deleted within 30 days of the customer’s request, and ages out of backups within a further 30 days (30-day backup rotation). Physical storage-media disposal is handled by DigitalOcean under their ISO 27001 / SOC 2 controls.

Offboarding procedure

  1. Confirm & record the request. Record date, requester, and scope; confirm the effective end date with the customer.
  2. Export on request. If requested, produce a data export (database export and/or file export) and deliver it securely before deletion.
  3. Delete tenant data (≤30 days). Within 30 days: delete/disable accounts and application data, remove customer-uploaded files from object storage, and remove customer-specific credentials/integrations.
  4. Backups age out (≤ further 30 days). Daily database backups rotate on a 30-day schedule, so the data is automatically purged from backups within 30 days of production deletion. The rotation is verified.
  5. Confirm to the customer. Issue a written deletion confirmation letter stating what was deleted, when production deletion completed, and when backups will have fully aged out.
  6. Decommission infrastructure (if dedicated). For a single-tenant install, decommission the droplet(s) and detach/destroy the encrypted block-storage volume(s); DigitalOcean handles media sanitisation per their certifications.

Media disposal

ANTE does not own physical storage media. Block-storage volumes and their snapshots are encrypted at rest (LUKS/AES-256, DigitalOcean-managed keys); on destruction the data is unrecoverable. Physical media sanitisation/disposal is DigitalOcean’s responsibility under their ISO 27001 / SOC 2 programs.

Evidence retained

The deletion request, the confirmation letter, and the relevant audit-log entries are retained as a record of completion.