HighFile-scope Plug & play

Enforce retention with explicit TTL per data category

PII tables must include an expires_at (or retention_policy) column and a scheduled deletion/archival job aligned to data category. No indefinite retention. (GDPR Art. 5(1)(e))

Add to Mesrai Open workspace

Why this matters

Limits exposure and fulfills storage limitation obligations.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

CREATE TABLE events (
 id BIGSERIAL PRIMARY KEY,
 email TEXT,
 created_at TIMESTAMPTZ NOT NULL
); -- no retention

Prefer

CREATE TABLE events (
 id BIGSERIAL PRIMARY KEY,
 email_hash TEXT,
 created_at TIMESTAMPTZ NOT NULL,
 expires_at TIMESTAMPTZ NOT NULL -- e.g., NOW() + INTERVAL '13 months'
);
-- Deletion job (pseudo)
-- RUN DAILY: DELETE FROM events WHERE expires_at <= NOW();

More snippets

Good

DELETE FROM events WHERE expires_at <= NOW();

Bad

SELECT COUNT() FROM events WHERE created_at < NOW() - INTERVAL '5 years'; -- but never deleting

Related rules

From the same buckets as this rule.

Critical
Idempotent Right to Erasure across all stores
Provide a single idempotency-keyed erasure workflow that scrubs PII in primary DB, caches, search indices, and object storage; emit an audit event with erasure_request_id. (GDPR Art. 17)
compliance-gdprprivacy-pii+2
High
Encrypt PII at rest using application-layer crypto
Encrypt sensitive columns (e.g., email, phone) with managed keys; ensure DB connection enforces TLS. Store only ciphertext; compare via deterministic token/hashes when needed. (GDPR Art. 32)
compliance-gdprsecurity-hardening+1
High
Gate analytics cookies on explicit consent (Web)
Only set analytics/marketing cookies if consent.purposes.analytics === true and consent.version matches current policy; re-check on version bump. (GDPR Art. 7, ePrivacy)
compliance-gdprprivacy-pii+1

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

CREATE TABLE events (
 id BIGSERIAL PRIMARY KEY,
 email TEXT,
 created_at TIMESTAMPTZ NOT NULL
); -- no retention

Prefer

CREATE TABLE events (
 id BIGSERIAL PRIMARY KEY,
 email_hash TEXT,
 created_at TIMESTAMPTZ NOT NULL,
 expires_at TIMESTAMPTZ NOT NULL -- e.g., NOW() + INTERVAL '13 months'
);
-- Deletion job (pseudo)
-- RUN DAILY: DELETE FROM events WHERE expires_at <= NOW();

More snippets

Good

DELETE FROM events WHERE expires_at <= NOW();

Bad

SELECT COUNT() FROM events WHERE created_at < NOW() - INTERVAL '5 years'; -- but never deleting

Related rules

From the same buckets as this rule.

Critical

Idempotent Right to Erasure across all stores

Provide a single idempotency-keyed erasure workflow that scrubs PII in primary DB, caches, search indices, and object storage; emit an audit event with erasure_request_id. (GDPR Art. 17)

compliance-gdprprivacy-pii+2

High

Encrypt PII at rest using application-layer crypto

Encrypt sensitive columns (e.g., email, phone) with managed keys; ensure DB connection enforces TLS. Store only ciphertext; compare via deterministic token/hashes when needed. (GDPR Art. 32)

compliance-gdprsecurity-hardening+1

High

Gate analytics cookies on explicit consent (Web)

Only set analytics/marketing cookies if consent.purposes.analytics === true and consent.version matches current policy; re-check on version bump. (GDPR Art. 7, ePrivacy)

compliance-gdprprivacy-pii+1