Deletion Policies

Configure data deletion policies for your server and maintain GDPR compliance.

Policy overview

Clocky offers flexible deletion policies to balance user privacy rights with organizational needs.

Three deletion modes

  • Name
    Immediate
    Description

    User data is deleted instantly when requested. Best for privacy-first organizations.

  • Name
    Grace period
    Description

    Deletion is delayed for a configurable period. Allows recovery from accidental deletions.

  • Name
    Requires approval
    Description

    Admins must manually approve all deletion requests. Maximum control and oversight.

View current policy

/admin-configure-deletion view-config

Shows:

  • Current deletion policy
  • Grace period duration (if applicable)
  • Legal retention status
  • Pending deletion requests count

Immediate deletion

Data is deleted permanently and instantly when users request it.

Enable immediate deletion

/admin-configure-deletion set-policy policy:immediate

How it works

  1. User runs /data-delete current-server or /data-delete all-servers
  2. User confirms the deletion
  3. Data is deleted immediately - no delay, no recovery
  4. User receives confirmation
  5. Admins are notified in audit log

What gets deleted

When a user deletes their data:

  • All work sessions in the server
  • All break records
  • User profile data
  • Statistics and aggregated data
  • Leaderboard entries
  • Historical records

Benefits

Pros:

  • ✅ Fastest GDPR compliance
  • ✅ User has complete control
  • ✅ Simplest to manage
  • ✅ No admin overhead
  • ✅ No data retention liability

Cons:

  • ❌ No recovery if accidental
  • ❌ Permanent data loss
  • ❌ No backup opportunity

Best for

  • Privacy-first organizations
  • Small teams with low data value
  • Servers prioritizing GDPR compliance
  • Low-risk data environments
  • Users who frequently join/leave

GDPR compliance

Immediate deletion ensures compliance with:

  • Article 17: Right to erasure ("right to be forgotten")
  • Article 12(3): Erasure without undue delay
  • Requirement: Requests fulfilled within 30 days (immediate = instant)

GDPR best practice: Immediate deletion is the safest policy for GDPR compliance. It eliminates any risk of delayed processing or forgotten requests.

Grace period deletion

Deletion is delayed for a specified period, allowing recovery if needed.

Enable grace period

# Set policy to grace period mode
/admin-configure-deletion set-policy policy:grace_period

# Configure the grace period duration
/admin-configure-deletion set-grace-period days:30
  • Name
    days
    Type
    number
    Description

    Grace period duration (1-365 days). Common values: 7, 14, 30, 90.

How it works

  1. User runs /data-delete current-server
  2. User confirms deletion
  3. Deletion is scheduled for X days in the future
  4. Data remains accessible during grace period
  5. User can cancel deletion anytime before deadline
  6. After grace period expires, data is permanently deleted
  7. User is notified 24 hours before deletion

Canceling pending deletion

During the grace period, users can cancel:

# User cancels their own pending deletion
/data-cancel-deletion

Only the user who requested deletion can cancel it.

Benefits

Pros:

  • ✅ Recovery window for accidental deletions
  • ✅ Time for admins to export data if needed
  • ✅ User can change mind
  • ✅ Safer than immediate deletion

Cons:

  • ❌ Data still stored during grace period
  • ❌ Requires tracking pending deletions
  • ❌ Slightly slower GDPR compliance
  • ❌ More complex to manage

Best for

  • Medium-sized teams
  • Valuable historical data
  • Organizations with data export needs
  • Reducing accidental deletion risks
  • Compliance with backup policies

Recommended grace periods

DurationUse CaseRisk Level
7 daysQuick recovery, low-value dataLow
14 daysStandard business cycleMedium
30 daysMonthly reporting cyclesMedium
90 daysQuarterly audits, high-value dataHigh

GDPR compliance: Grace periods are acceptable under GDPR as long as the deletion occurs within 30 days (Article 17). Grace periods longer than 30 days may require justification.

Requires approval

Admins must manually approve all deletion requests before they're processed.

Enable approval mode

/admin-configure-deletion set-policy policy:requires_approval

How it works

  1. User runs /data-delete current-server
  2. User confirms deletion request
  3. Request is submitted to admins - data is NOT deleted yet
  4. Admins are notified
  5. Admin reviews request: /admin-review-deletion-requests list
  6. Admin approves or denies: /admin-review-deletion-requests review request-id:123
  7. If approved, data is deleted immediately
  8. If denied, user is notified with reason

Managing deletion requests

List all pending requests

/admin-review-deletion-requests list

Shows:

  • User name
  • Request date
  • Data scope (current-server vs all-servers)
  • Request ID
  • Days pending

Review specific request

/admin-review-deletion-requests review request-id:123

Shows detailed view with:

  • User information
  • Data to be deleted (session count, total hours)
  • Request timestamp
  • Approve or Deny buttons

Approval workflow

When reviewing a request:

  1. Verify user identity: Is this the actual user?
  2. Check reason (if provided): Is it legitimate?
  3. Export data if needed: Run /stats user:@username range:all-time
  4. Make decision:
    • Approve: Data deleted immediately
    • Deny: User notified, no data deleted

Approval reasons:

  • ✅ Valid GDPR request
  • ✅ User leaving organization
  • ✅ User requested voluntarily
  • ✅ No legal retention requirements

Denial reasons:

  • ❌ User is subject to legal retention
  • ❌ Under active audit/investigation
  • ❌ Contractual obligation to retain data
  • ❌ Request appears fraudulent

Benefits

Pros:

  • ✅ Maximum admin control
  • ✅ Prevent accidental/malicious deletions
  • ✅ Time to export critical data
  • ✅ Verify user identity
  • ✅ Enforce retention policies

Cons:

  • ❌ Requires active admin management
  • ❌ Can delay legitimate requests
  • ❌ Higher admin workload
  • ❌ Potential GDPR compliance issues if slow

Best for

  • Large organizations
  • Highly regulated industries
  • Sensitive or valuable data
  • Compliance/audit requirements
  • Organizations with retention policies

GDPR considerations

GDPR warning: Approval mode can conflict with GDPR's requirement for "without undue delay" (Article 17). You MUST process requests within 30 days and can only refuse if you have a valid legal ground for retention.

Valid grounds for refusal:

  • Compliance with legal obligations (e.g., tax records)
  • Defense of legal claims
  • Processing is necessary for archiving in public interest

Invalid grounds:

  • "We might need it later"
  • "It's useful to have"
  • Administrative convenience

Best practices for approval mode

  1. Process requests weekly - don't let them pile up
  2. Respond within 7 days - keep well under 30-day GDPR limit
  3. Document denials - keep records of why and legal basis
  4. Inform users - explain denial reasons clearly
  5. Automate if possible - approve routine requests quickly

Prevent data deletion for a specified period due to legal requirements.

Enable legal retention

/admin-configure-deletion enable-legal-retention enabled:true
/admin-configure-deletion set-retention-years years:7
  • Name
    enabled
    Type
    boolean
    Description

    Enable or disable legal retention

  • Name
    years
    Type
    number
    Description

    Retention period (1-99 years)

How it works

When legal retention is enabled:

  1. User requests data deletion
  2. System checks if data falls within retention period
  3. If within retention period → Deletion is denied
  4. User receives message explaining retention requirement
  5. After retention period expires → Deletion is allowed

Legal retention requirements

Legal retention is typically required for:

IndustryTypical RetentionLegal Basis
Employment records7 yearsLabor law, tax law
Financial records7 yearsTax regulations
Healthcare10 yearsHIPAA, medical records law
Government contractorsVariesContract requirements
Legal proceedingsUntil resolutionLitigation hold

Combining with deletion policies

Legal retention works with all deletion modes:

  • Immediate + Legal retention: Requests denied if within retention period, instant deletion after
  • Grace period + Legal retention: Grace period applies only to data outside retention period
  • Approval + Legal retention: Admins can't approve deletions within retention period

GDPR compliance

GDPR and legal retention: GDPR Article 17(3) allows retention when:

  • Required by law (employment law, tax law, etc.)
  • Necessary for legal claims
  • Public interest/archiving purposes

You MUST have a valid legal basis and document it. "Just in case" is NOT a valid reason.

Documenting retention

When enabling legal retention, document:

  1. Legal basis: Which law requires retention?
  2. Retention period: How long? (must be reasonable)
  3. Data categories: What data is retained?
  4. Review schedule: When will you review this policy?

Example documentation:

Legal Retention Policy - Acme Corp Discord Server
- Basis: Employment Records Law (Local Code §123.45)
- Period: 7 years from end of employment
- Data: All work session records, hours worked, attendance
- Applies to: Current and former employees
- Review: Annually on January 1st
- Effective: January 1, 2024

Decision matrix

Choose the right deletion policy for your needs:

FactorImmediateGrace PeriodApproval Required
GDPR complianceExcellentGoodRisky
Admin workloadNoneLowHigh
Recovery possibleNoYes (during grace)Yes (before approval)
Data securityHighestHighMedium
User controlCompleteHighLimited
Recommended forPrivacy-firstGeneral useHigh-value data

Quick decision guide

Choose Immediate if:

  • Privacy is top priority
  • Low admin availability
  • Low-value data
  • Frequent user turnover

Choose Grace Period if:

  • Need recovery window
  • Moderate-value data
  • Want balance of control and privacy
  • Monthly reporting cycles

Choose Approval if:

  • High-value data
  • Regulatory requirements
  • Need verification step
  • Have dedicated admin resources

Best practices

General recommendations

  1. Start with grace period: 30 days is a good balance
  2. Document your policy: Write it down and share with users
  3. Review quarterly: Is your policy still appropriate?
  4. Be consistent: Apply rules fairly to all users
  5. Train admins: Ensure they understand GDPR obligations

Communication

Inform users about:

  • Which deletion policy is active
  • How long deletions take
  • How to cancel (if grace period)
  • Legal retention requirements (if any)
  • How to contact admins with questions

Compliance

  1. Keep audit logs: Track all deletion requests and approvals
  2. Document legal basis: For any retention requirements
  3. Process promptly: Don't delay beyond GDPR limits
  4. Train staff: On GDPR rights and obligations
  5. Review regularly: Update policies as laws change

Troubleshooting

User can't delete data

Error: "Legal retention active"

Cause: Data falls within legal retention period

Solution: Explain retention requirement to user, provide expected deletion date

Deletion requests piling up

Cause: Approval mode enabled, admins not reviewing

Solution:

  1. Review pending requests: /admin-review-deletion-requests list
  2. Process each request promptly
  3. Consider switching to grace period mode if overwhelmed

Grace period too short/long

Problem: Users complaining about grace period duration

Solution:

  1. Review user feedback
  2. Adjust grace period: /admin-configure-deletion set-grace-period days:X
  3. Announce change to users

Server Configuration

GDPR Compliance

Data Deletion Guide (User)

All Commands

Was this page helpful?