GDPR Deletion
GDPR's "right to erasure" (Article 17) requires that personal data be deleted upon request. Loki provides a Delete API for targeted log deletion without removing entire log streams. This page covers the procedure for processing erasure requests for BizFirstGO log data.
Prerequisites for GDPR Deletion
# loki-config.yaml — enable the delete API
compactor:
  working_directory: /loki/compactor
  shared_store: s3
  retention_enabled: true # Must be true
  retention_delete_delay: 2h
# Enable deletes in limits_config:
limits_config:
  allow_deletes: true # Required to use the delete API
# Note: The delete API is available at /loki/api/v1/delete
# It requires admin-level access — protect with authentication.
GDPR Erasure Procedure
Receive and document the erasure request
When a user submits a GDPR erasure request, record: user ID, date of request, scope of data (which tenant, which time period). GDPR requires processing within 30 days — start the clock immediately.
Identify which logs contain the user's data
# Query Loki to find all logs referencing the user:
# (Requires knowing which field contains the user identifier)
{job=~"processengine|edgestream|octopus", tenant_id="tenant-abc"}
  |= "userId=user-12345"
# Note the time range where logs exist (start and end timestamp).
# Narrow to minimize deletion scope — do not delete more than required.
Submit the delete request
# Submit delete request via Loki API:
curl -g -X POST \
  "http://localhost:3100/loki/api/v1/delete" \
  --data-urlencode 'query={job=~"processengine|edgestream|octopus", tenant_id="tenant-abc"} |= "userId=user-12345"' \
  --data-urlencode 'start=2024-01-01T00:00:00Z' \
  --data-urlencode 'end=2025-12-31T23:59:59Z' \
  -H "X-Scope-OrgID: tenant-abc"
# Response (deletion queued):
# {"requestId": "del-abc123"}
Monitor deletion status
# Check delete request status:
curl -g "http://localhost:3100/loki/api/v1/delete" \
  -H "X-Scope-OrgID: tenant-abc" \
  | jq '.[] | select(.requestId == "del-abc123")'
# Status values:
# "received" — request queued
# "processed" — deletion complete
# Deletion timing: the compactor processes delete requests during its next
# compaction cycle (every 10 minutes). Actual chunk rewriting may take hours.
Verify deletion and document completion
After deletion is complete, re-run the original LogQL query. It should return no results. Document: deletion request ID, completion timestamp, and verification query result. Retain this documentation for GDPR accountability (Article 5(2)).
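The monitoring and verification steps above can be turned into an audit entry, shown here as an added example that is not part of the original page or of Loki. It assumes the delete listing has the shape implied by the page's jq filter (`requestId` plus a `status` field) and that the verification query returns Loki's standard query JSON; all function names and sample responses are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

def deadline(received_on):
    """End of the 30-day window the page cites, counted from receipt."""
    return received_on + timedelta(days=30)

def delete_status(list_body, request_id):
    """Status of one entry in the GET /loki/api/v1/delete listing."""
    for item in json.loads(list_body):
        if item.get("requestId") == request_id:
            return item.get("status", "unknown")
    return "not-found"

def remaining_lines(query_body):
    """Count lines the re-run LogQL query still returns (must reach 0)."""
    body = json.loads(query_body)
    if body.get("status") != "success":
        # A failed query is not proof of deletion.
        raise ValueError("verification query did not succeed")
    return sum(len(s.get("values", [])) for s in body["data"]["result"])

def completion_record(user_id, request_id, received_on, list_body, query_body, now):
    """Audit entry: stores counts and ids only, never the log lines."""
    status = delete_status(list_body, request_id)
    left = remaining_lines(query_body)
    due = deadline(received_on)
    return {
        "user_id": user_id,
        "delete_request_id": request_id,
        "deadline": due.isoformat(),
        "overdue": now > due,
        "delete_status": status,
        "remaining_lines": left,
        "complete": status == "processed" and left == 0,
        "checked_at": now.isoformat(),
    }

# Constructed sample responses (not captured from a real Loki instance).
LISTING = json.dumps([{"requestId": "del-abc123", "status": "processed"}])
EMPTY = json.dumps({"status": "success", "data": {"resultType": "streams", "result": []}})
LEFTOVER = json.dumps({"status": "success", "data": {"resultType": "streams", "result": [
    {"stream": {"job": "octopus"}, "values": [["1704067200000000000", "constructed line"]]}]}})

if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for body in (EMPTY, LEFTOVER):
        print(completion_record("user-12345", "del-abc123", t0, LISTING, body,
                                t0 + timedelta(days=2)))
```

A request marked "processed" is only recorded as complete once the re-run query returns zero lines, which covers the window in which chunk rewriting is still in progress.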
The Loki delete API only deletes from Loki's active storage (hot tier). If logs have already transitioned to S3 Glacier via lifecycle rules, you must also delete them from Glacier using aws s3 rm for the specific chunk objects. This requires knowing which S3 objects contain the user's data — which requires log chunk metadata from Loki's index. Document your cold storage deletion procedure before logs reach Glacier tier.