The Danger Zone
Why a separate "Danger Zone"
Irreversible actions belong in a section that's:
- Visually distinct. Red border, danger icons, separated from routine settings.
- Confirmation-gated. Type the exact name (workspace or account) to confirm.
- Audit-logged. Every action recorded with author, timestamp, and reason.
- Recoverable when possible. Soft delete with 30-day window for most actions.
Hard delete should never happen by accident.
Workspace-level danger actions
Three actions under Workspace Settings > Danger Zone:
1. Archive workspace
Read-only mode. Workspace stops accepting new conversations but preserves all data.
When to use:
- Seasonal campaign ended. Pause without delete.
- Project completed. Keep history but stop billing for active features.
- Migrating to a different workspace. Archive the old once new is live.
What happens:
- Conversations stop. New customer messages get a "We're not staffing this channel right now" reply.
- Billing pauses. Archived workspaces don't count toward your plan's workspace cap.
- Knowledge preserved. Indexed content stays for 90 days.
- Reversible within 90 days. Click Unarchive to resume.
After 90 days, archive auto-converts to delete. Data wipes within 30 days following.
2. Transfer ownership
Move workspace ownership to another account user.
Steps:
- Open Workspace Settings > Danger Zone > Transfer.
- Pick the new owner (must be an existing team member).
- Add a reason for audit.
- Confirm.
- New owner gets a notification and must accept within 7 days.
- On accept, ownership transfers.
Useful for:
- Team member departures. Hand off before they leave.
- Project handoff. Transfer to the new responsible owner.
- Account restructuring.
You become a workspace Admin after transfer (or whatever you specify). Not removed automatically.
3. Delete workspace
Permanent removal.
Steps:
- Workspace Settings > Danger Zone > Delete.
- Confirmation modal asks you to type the workspace name exactly.
- Optional reason for audit.
- Click Delete.
What happens:
- Workspace marked for deletion. Status shows "Pending deletion" for 30 days.
- Reversible within 30 days. Restore via Account Settings > Recently Deleted.
- After 30 days, hard delete:
- Conversations wiped.
- Knowledge sources wiped.
- Audit logs retained per workspace policy (typically 365 days).
- Backups purge at 90 days.
API: DELETE /v1/workspaces/ws_xxx. Same 30-day soft-delete window.
Account-level danger actions
Two actions under Account Settings > Danger Zone:
1. Delete account
Removes your AskVault account and all data.
Steps:
- Account Settings > Danger Zone > Delete Account.
- Confirmation modal: type "DELETE MY ACCOUNT" verbatim.
- Pick reason (helps us improve).
- Confirm.
What happens:
- Account marked deleted. Login disabled within 30 seconds.
- All workspaces soft-deleted with same 30-day window.
- Pending invoices charged immediately or pro-rated.
- Subscription cancels.
- 30-day recovery window. Email support to restore.
- After 30 days: hard delete.
What's not auto-deleted (you need to handle):
- Customer data subject requests if you had any pending; complete those first.
- API integrations on your side pointing at AskVault. Re-route or remove.
- Linked accounts (Google OAuth, etc.). Those external accounts persist; only the AskVault link removes.
2. Bulk data export before delete
Recommended before any irreversible action:
- Account Settings > Danger Zone > Export All Data.
- Format: JSON (machine-readable) or CSV (spreadsheet-friendly).
- Wait for export to complete. Larger accounts (over 10,000 conversations) take 15 to 60 minutes.
- Download via secure link (expires in 7 days).
Includes: workspaces, conversations, contacts, leads, knowledge, audit logs.
Useful for:
- Legal compliance. Keep a copy for retention obligations.
- Migration to another platform. Take your data.
- Personal records. Maintain your own history.
Soft delete vs hard delete
Two stages of deletion:
Soft delete (days 1 to 30).
- Marked deleted but data preserved.
- Login disabled for accounts; workspaces hidden from active list.
- Reversible. Restore via Account Settings > Recently Deleted, or email support.
- Doesn't bill during soft-delete window.
Hard delete (day 30+).
- Data wipes from primary storage.
- Backups continue to retain for 90 days.
- After 90 days, backups purge.
- Not reversible after 30 days.
Some data may persist longer for legal compliance (e.g., billing records 7 years, audit logs 365 days). See data handling.
Confirmation patterns
Each danger action uses one of three confirmation patterns:
- Type the name. Workspace delete requires typing the workspace name.
- Type a specific phrase. Account delete requires "DELETE MY ACCOUNT".
- Two-factor confirmation. SSO or MFA-protected accounts also require a fresh auth challenge.
Defeats accidental deletes from a misclick.
Audit trail
Every danger action logs:
- Action type (archive, transfer, delete).
- Target (workspace ID, account ID).
- Author (user or API key).
- Timestamp.
- Reason if provided.
- IP address and user agent.
Retained 7 years for compliance, even after the workspace or account is deleted.
Useful for:
- Forensic investigation if an account is compromised.
- GDPR audit to prove timely deletion.
- SOC 2 evidence.
GDPR Right to Erasure
For end-customer deletion requests (not workspace owner):
- Customer requests deletion.
- You as the data controller delete the contact (
DELETE /v1/contacts/contact_xxx). - AskVault propagates within 60 seconds (soft delete); 30 days (hard delete); 90 days (backups purged).
- Provide evidence to the customer if requested.
See GDPR compliance.
Recovery from accidental delete
Within 30 days:
- Email support@askvault.co with the workspace or account ID.
- Or use the in-app restore: Account Settings > Recently Deleted.
- Restoration takes about 30 minutes.
- All data restores to the state at deletion time.
After 30 days: data is gone. Backups still exist for 60 more days but aren't customer-restorable from the dashboard.
API access
Danger actions are scriptable:
curl -X DELETE https://api.askvault.co/v1/workspaces/ws_xxx \ -H "Authorization: Bearer ak_xxx" \ -H "X-Confirmation: ws_xxx" \ -H "X-Reason: project_complete"The X-Confirmation header must match the workspace ID exactly (parallel to typing the name in UI). Missing or wrong = HTTP 400.
For account delete, use a parallel pattern with X-Confirmation: DELETE MY ACCOUNT.
Planned features (on the roadmap)
Documented for accuracy:
- Multi-party approval. Today, owner can delete unilaterally. Two-person rule for Enterprise planned.
- Conditional auto-archive. Today, manual. Auto-archive workspaces idle for 6+ months planned.
- Granular export filters. Today, all-or-nothing export. Filter-by-date-range or filter-by-channel export planned.
Limits
- Soft-delete window. 30 days.
- Backup retention. 90 days.
- Audit log retention. 7 years.
- Workspace transfer acceptance window. 7 days.
- Bulk export size cap. Up to 100 GB per export.
Common pitfalls
Deleted by mistake. Use Account Settings > Recently Deleted within 30 days.
Confirmation phrase mismatch. Type exactly as shown. Case-sensitive.
Transfer not accepted in time. Re-initiate; previous transfer expires after 7 days.
Bulk export takes too long. Large workspaces split into multiple files. Wait for the email notification when complete.
Archive vs delete confused. Archive is reversible; delete (after 30 days) is not.
FAQ
Can I undo a workspace delete?
Yes within 30 days via Account Settings > Recently Deleted. After 30 days, no.
Will deleting my account stop billing immediately?
Yes within 30 seconds. Final invoice is pro-rated.
Does deleting a workspace affect my other workspaces?
No. Each is independent.
Can I bulk-delete contacts within a workspace?
Yes via Contacts > Bulk Actions > Delete. Same 30-day soft-delete window.
What if I forgot my password and can't access Danger Zone?
Use password reset first. Then access Danger Zone normally.