Right to erasure

Erase one person from a compressed archive — in seconds, without touching the rest.

You can delete someone from a live database in minutes. But their personal data still sits in every backup and compressed archive — opaque, and impossible to edit without restoring, modifying and recompressing the whole thing. AT-1 makes a compressed archive selectively erasable: destroy one subject's key, and they're gone — provably, and without rewriting a single other byte.

Per-subject keys

When data is written, every record-group belonging to one data subject — all their rows, across every table — is encrypted under a unique key. The archive knows who is inside it, so erasure can target one person without disturbing anyone else.

Erasure = key destruction

Fulfilling a right-to-erasure request destroys that subject's key. The encrypted blocks stay physically in the archive, byte-for-byte unchanged, but become cryptographically unrecoverable. It takes milliseconds — regardless of whether the archive is a gigabyte or a petabyte.

Signed erasure certificate

Every erasure emits an Ed25519-signed certificate: subject, timestamp, record-groups erased, proof of key destruction, and the archive hash before and after (identical — proving nothing else moved). The kind of artifact a DPO hands an auditor.

Erasure, end to end

One request in, one signed certificate out — and the archive itself is provably unchanged.

at1 erase build records.json --subject-field user_id --out vault/
at1 erase read   vault/ 1337            # -> the subject's records
at1 erase erase  vault/ 1337 --signing-key issuer.key --out-cert cert.json
                                        # archive bytes UNCHANGED; key destroyed
at1 erase read   vault/ 1337            # -> BLOCKED (cryptographically erased)
at1 erase verify cert.json issuer.key.pub
# -> signature VALID · archive-unchanged = True
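The mechanism behind those four commands, as an added example in Node.js (not AT-1's code or archive format). AES-256-GCM and Ed25519 follow the page; the in-memory vault, the function names and the certificate fields are assumptions made for illustration.

```javascript
// Added illustration of crypto-shredding; not AT-1's code or on-disk format.
const nodeCrypto = require('node:crypto');
// Constructed sample: subject 1337 has rows in two tables, subject 42 in one.
const SAMPLE_RECORDS = [{ user_id: 1337, table: 'orders', item: 'book' },
  { user_id: 1337, table: 'logins', ip: '192.0.2.10' },
  { user_id: 42, table: 'orders', item: 'lamp' }];

// Build: group rows by subject, encrypt each group under its own AES-256 key.
function buildVault(records, subjectField) {
  const groups = new Map(), keys = new Map(), blocks = [];
  for (const r of records) {
    const id = String(r[subjectField]);
    groups.set(id, [...(groups.get(id) || []), r]);
  }
  for (const [id, rows] of groups) {
    const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
    const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
    c.setAAD(Buffer.from(id)); // bind the ciphertext to its subject
    const ct = Buffer.concat([c.update(JSON.stringify(rows)), c.final()]);
    blocks.push({ id, iv, ct, tag: c.getAuthTag() });
    keys.set(id, key); // key store is separate from the archive blocks
  }
  return { keys, blocks };
}
const archiveHash = (v) => nodeCrypto.createHash('sha256')
  .update(Buffer.concat(v.blocks.flatMap((b) => [b.iv, b.ct, b.tag]))).digest('hex');

function readSubject(vault, id) {
  const key = vault.keys.get(id), b = vault.blocks.find((x) => x.id === id);
  if (!key || !b) throw new Error('BLOCKED: no key for subject ' + id);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, b.iv);
  d.setAAD(Buffer.from(id)); d.setAuthTag(b.tag);
  return JSON.parse(Buffer.concat([d.update(b.ct), d.final()]).toString());
}
// Erase: destroy only the key, hash the untouched blocks, sign the result.
function eraseSubject(vault, id, signingKey) {
  if (!vault.keys.has(id)) throw new Error('no key for subject ' + id);
  const before = archiveHash(vault);
  vault.keys.get(id).fill(0); // best-effort zeroing of the in-memory key
  vault.keys.delete(id);
  const body = { subject: id, timestamp: new Date().toISOString(),
    archive_hash_before: before, archive_hash_after: archiveHash(vault) };
  const sig = nodeCrypto.sign(null, Buffer.from(JSON.stringify(body)), signingKey);
  return { body, signature: sig.toString('base64') };
}
function verifyCert(cert, publicKey) {
  const msg = Buffer.from(JSON.stringify(cert.body));
  const ok = nodeCrypto.verify(null, msg, publicKey, Buffer.from(cert.signature, 'base64'));
  return { signatureValid: ok,
    archiveUnchanged: cert.body.archive_hash_before === cert.body.archive_hash_after };
}
```

Erasure holds only if every copy of a subject's key is destroyed, so the key store must be kept out of the long-retention backups that hold the archive.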

Who needs this

  • Data Protection Officers — close the backup-erasure gap that most GDPR programs quietly ignore.
  • Anyone with long backup retention — years of daily snapshots you can't practically edit.
  • CCPA / CPRA deletion — the same mechanism satisfies US deletion rights.
  • Regulated archives — erase a subject while the rest stays WORM-retained and queryable.

A recognised method, made turnkey

This is cryptographic erasure (“crypto-shredding”) — destroy the key, and the data is gone. EU regulators already accept it: the EDPB (Guidelines 5/2019), the UK ICO and the French CNIL all recognise irreversible key destruction as valid erasure. AT-1's contribution is making it turnkey on a compressed, queryable archive: per-subject grouping across tables, an archive you never have to rewrite, and a signed certificate — as one product, not a project.

Honest scope: we don't claim a novel patent here — the technique is established. The value is the integration, the queryable archive, and the productised DPO workflow. Encryption is AES-256-GCM; certificates are Ed25519-signed.

Make your backups erasable — without giving up retention or query.