How to Use ParadeDB’s GDPR Purge in PostgreSQL

How do I use ParadeDB’s gdpr_purge() to meet GDPR right-to-erasure demands?

ParadeDB’s gdpr_purge() function deletes or anonymizes personal data across related tables to meet GDPR right-to-erasure requirements.

Welcome to the Galaxy, Guardian!
You'll be receiving a confirmation email

Follow us on twitter :)

Oops! Something went wrong while submitting the form.

Description

Example H2

Example H3

What problem does gdpr_purge() solve?

gdpr_purge() automates GDPR "right to be forgotten" workflows by deleting or anonymizing a subject’s personal data in one call, following foreign-key paths and optional archive rules.

How do I call gdpr_purge()?

Call it with target table, key column, and options that decide whether rows are removed, anonymized, archived, and cascaded to child tables.

Which options matter most?

archive keeps a ZIP of purged rows in paradedb.gdpr_archive; anonymize replaces PII with hashed values; cascade follows foreign keys from the starting row into related tables like Orders and OrderItems.

Can I preview the impact?

Pass dry_run => true to get a JSON plan showing which tables and row counts will change, letting compliance teams sign off before execution.

How do I keep logs for auditors?

Set log => true (default) to store a signed digest of every purge in paradedb.gdpr_log. These immutable entries give auditors proof of erasure.

Why use anonymize over delete?

Delete breaks historical metrics. anonymize scrubs names and emails but keeps ids, letting analytics continue while meeting GDPR.

Best practices for ecommerce databases

Create a composite index on Customers(id) and Orders(customer_id) so cascade runs quickly. Schedule nightly purges for accumulated requests.

How to test safely?

Run gdpr_purge() inside a BEGIN…ROLLBACK block in staging. Compare counts before and after with pg_stat_user_tables.

How to undo a mistaken purge?

If archive was true, INSERT archived rows back; otherwise restore from backup—there’s no built-in undo for permanent deletions.

Why How to Use ParadeDB’s GDPR Purge in PostgreSQL is important

How to Use ParadeDB’s GDPR Purge in PostgreSQL Example Usage


-- Remove customer 42 and all related orders, archiving removed rows
SELECT paradedb.gdpr_purge(
    target_table => 'customers',
    key_column   => 'id',
    key_value    => 42,
    archive      => true,
    anonymize    => false,
    cascade      => true
);

-- Anonymize instead of delete
SELECT paradedb.gdpr_purge(
    target_table => 'customers',
    key_column   => 'id',
    key_value    => 84,
    archive      => false,
    anonymize    => true,
    cascade      => true
);

How to Use ParadeDB’s GDPR Purge in PostgreSQL Syntax


SELECT paradedb.gdpr_purge(
    target_table  => text,          -- e.g. 'customers'
    key_column    => text,          -- e.g. 'id'
    key_value     => bigint,        -- e.g. 42
    archive       => boolean DEFAULT true,
    anonymize     => boolean DEFAULT false,
    cascade       => boolean DEFAULT true,
    dry_run       => boolean DEFAULT false,
    log           => boolean DEFAULT true
);

-- Example parameter set for a customer erasure
SELECT paradedb.gdpr_purge(
    target_table => 'customers',
    key_column   => 'id',
    key_value    => 42,
    archive      => true,
    anonymize    => false,
    cascade      => true
);

Common Mistakes

Forgetting cascade=true. Rows disappear from Customers but stay in Orders, leaving orphaned PII. Always enable cascade unless you purposely want partial cleanup.
Running in production without a dry run. Unexpected foreign-key paths can wipe analytics tables. Use dry_run=>true in staging first, review the plan, then execute.