The platform includes built-in compliance tools for automated data backups, PII (personally identifiable information) deletion, and a full audit trail. These features help meet regulatory requirements like SOC 2, GDPR, and CCPA without third-party services.
There are three distinct compliance operations, all triggered by the same daily cron job:
| Operation | What It Does | Operates On |
|---|---|---|
| Backup | Exports every configured table as an encrypted JSON snapshot to cloud storage (S3/R2) | Live database → cloud storage |
| Backup Cleanup | Deletes old backup files from cloud storage past their retention period | Cloud storage only |
| PII Deletion | Anonymizes or deletes records in the live database that have exceeded their retention period | Live database only |
Each operation runs independently, on its own cadence, and logs every execution to the Audit table for a permanent record.
When enabled, the backup system exports a full JSON snapshot of your database tables to S3-compatible cloud storage (default: Cloudflare R2). Each backup is organized by date and optionally encrypted with AES-256-GCM.
manifest.json is written alongside the table files with checksums and metadata.

```
backups/
  main/
    2026-03-01/
      manifest.json
      user.json.enc
      product.json.enc
      order.json.enc
      ...
    2026-03-02/
      ...
```

| Setting | Default | Description |
|---|---|---|
| Enabled | Off | Toggle backups on or off |
| Cadence (hours) | 24 | How often to run (24 = daily, 168 = weekly) |
| Retention (days) | 30 | Backup files older than this are deleted from storage |
| Encrypted | On | AES-256-GCM encryption for backup files |
| Exclude Tables | site, role, apiKey, webhook, audit, ... | Tables to skip (config/system tables by default) |

PII deletion automatically removes or anonymizes personal data from your live database after a configurable retention period. This is your data retention policy enforced in code.
| Strategy | What Happens | Use When |
|---|---|---|
| Anonymize | PII fields are replaced with [REDACTED] or null. The record itself is preserved. | You need the record for reporting or accounting but don't need the personal details (e.g., shipped orders). |
| Delete | The entire record is permanently removed from the database. | The record has no long-term value (e.g., old contact form submissions). |
These are the pre-configured rules (all customizable in Site Config):
| Table | Strategy | Retention | Trigger |
|---|---|---|---|
| Orders | Anonymize | 30 days | After shipping/delivery/cancellation/refund |
| Contacts | Delete | 90 days | After creation |
| Subscribers | Delete | 90 days | Inactive subscribers only |
| Feedback | Delete | 180 days | After creation |
| Coupon Usage | Anonymize | 90 days | After use |
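
How rules like these can be evaluated, as an added example (not the platform's own code): the retention clock starts at each rule's trigger, and the two strategies are applied to constructed sample rows. The rule shape, the table names `order` and `contact`, and all field names are assumptions.

```javascript
// Added example, not the platform's code. Rule shape and field names are assumed.
const DAY_MS = 24 * 60 * 60 * 1000;
const CLOSED = ['shipped', 'delivered', 'cancelled', 'refunded'];
// clockStart returns the timestamp retention counts from, or null if not yet triggered.
const RULES = [
  { table: 'order', strategy: 'anonymize', retentionDays: 30,
    piiFields: ['email', 'shippingAddress'],
    clockStart: (r) => (CLOSED.includes(r.status) ? r.closedAt : null) },
  { table: 'contact', strategy: 'delete', retentionDays: 90,
    clockStart: (r) => r.createdAt },
];

// Returns new table contents (input is not mutated) and an audit-style summary.
function applyPiiRules(db, rules, now) {
  const out = {};
  const audit = { type: 'pii_deletion', anonymized: 0, deleted: 0 };
  for (const [table, rows] of Object.entries(db)) {
    const rule = rules.find((x) => x.table === table);
    out[table] = [];
    for (const row of rows) {
      const start = rule ? rule.clockStart(row) : null;
      const expired = start != null &&
        now - Date.parse(start) > rule.retentionDays * DAY_MS;
      if (!expired) { out[table].push(row); continue; }
      if (rule.strategy === 'delete') { audit.deleted++; continue; }
      // Anonymize: keep the record, overwrite only PII fields. Rows already
      // redacted by an earlier run are skipped so audit counts stay accurate.
      const todo = rule.piiFields.filter((f) => row[f] !== '[REDACTED]');
      if (todo.length === 0) { out[table].push(row); continue; }
      const copy = { ...row };
      for (const f of todo) copy[f] = '[REDACTED]';
      out[table].push(copy);
      audit.anonymized++;
    }
  }
  return { db: out, audit };
}

// Constructed sample data; "now" is fixed so the result is reproducible.
const NOW = Date.parse('2026-03-01T00:00:00Z');
const SAMPLE_DB = {
  order: [
    { id: 1, status: 'shipped', closedAt: '2026-01-10T00:00:00Z', email: 'a@example.com', shippingAddress: '1 Main St', total: 40 },
    { id: 2, status: 'pending', closedAt: null, email: 'b@example.com', shippingAddress: '2 Main St', total: 15 },
  ],
  contact: [
    { id: 1, createdAt: '2025-11-01T00:00:00Z', email: 'd@example.com' },
    { id: 2, createdAt: '2026-02-15T00:00:00Z', email: 'e@example.com' },
  ],
};
console.log(applyPiiRules(SAMPLE_DB, RULES, NOW).audit);
```

The pending order is left untouched however old it is, because its trigger has not fired, and tables without a rule pass through unchanged.
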
Every significant system action is logged to the Audit table, creating a permanent, tamper-evident record of what happened, when, and by whom. Super admins can browse the full audit history in Admin > Audits.
| Type | Description | Triggered By |
|---|---|---|
| backup | Database backup completed, partially completed, or failed | Cron job or manual trigger |
| backup_cleanup | Old backup files were deleted from cloud storage | Runs automatically after each backup |
| pii_deletion | PII anonymization or deletion was executed | Cron job or manual trigger |
| data_export | An admin exported table data as CSV | Admin user action |
| data_import | Data was imported in bulk | Admin user action |
| user_deletion | A user account was deleted | Admin or user action |
| permission_change | A user's roles or permissions were modified | Admin user action |
| config_change | Site configuration was updated | Super admin action |
Each audit record captures:
- completed, partial, failed, or success.
- null for automated cron jobs.

Super admins can manually trigger backup and PII deletion from Admin > Super Admin Tools > Compliance. Each task has two modes:
The daily cron job runs both operations in sequence:
This ordering is intentional: the backup captures the pre-deletion state, so you always have a recovery window. As long as your backup retention period is shorter than your PII retention period, deleted data won't linger in backup files past its deadline.
To enable compliance features for your deployment:
For full setup details including environment variables, encryption, and disaster recovery procedures, see the project README.