Secure Data Deletion

How CodeDD permanently and verifiably deletes your source code

Secure Data Deletion

Overview

CodeDD's promise is simple: zero data retention. When your audit completes, your source code is not just deleted—it's cryptographically shredded beyond any possibility of recovery. This document explains exactly how that works.

Why Secure Deletion Matters

The Problem with "Delete"

Standard File Deletion:

Standard "delete" operation:
  1. Removes file from directory listing
  2. Marks disk space as available
  3. File content remains on disk
  4. Recoverable with forensic tools

Result: Data appears deleted but is fully recoverable

The Risk:

Forensic recovery of "deleted" files
Data remnants on disk/SSD
Backup copies may persist
Virtual machine snapshots
SSD wear leveling complications

CodeDD's Approach

Cryptographic Shredding + Physical Overwrite:

CodeDD's deletion:
  1. Destroy encryption keys (makes files unreadable)
  2. Overwrite files with random data (3 passes minimum)
  3. Overwrite with zeros (DoD 5220.22-M standard)
  4. Delete file system entry
  5. Destroy container/environment
  6. Verify deletion completed
  7. Log destruction for audit trail

Result: Data is cryptographically and physically destroyed

Deletion Timeline

Automatic Deletion Triggers

Successful Audit Completion:

Timeline:
  0:00 - Audit analysis completes
  0:01 - Results stored in database (no source code)
  0:02 - Begin secure deletion process
  0:05 - Encryption keys destroyed
  0:10 - Files cryptographically shredded
  0:20 - Container destroyed
  0:21 - Verification check
  0:22 - Audit log entry created

Total Time: ~30 seconds

Audit Failure/Cancellation:

Timeline:
  0:00 - Audit fails or cancelled by user
  0:01 - Immediate secure deletion initiated
  0:05 - Keys destroyed
  0:10 - Files shredded
  
Total Time: ~15 seconds (expedited)

Timeout/Error:

Timeline:
  0:00 - Error detected or timeout reached
  0:01 - Emergency cleanup triggered
  0:02 - Force delete initiated
  0:10 - All resources destroyed
  
Fallback: System-level cleanup cron job (runs every 5 minutes)

Multi-Layer Deletion

Layer 1: Cryptographic Deletion

Key Destruction:

Why Key Destruction?
  - Encrypted data is useless without the key
  - Even if file recovery succeeds, content is unreadable
  - Instant cryptographic deletion
  - No computational way to recover

Process:
  1. Locate audit-specific encryption key
  2. Overwrite key in memory (zeros, then random)
  3. Delete key from secure vault
  4. Verify key no longer accessible
  5. Log key destruction

Result: All encrypted files become permanently unreadable

Layer 2: Physical File Overwrite

Multi-Pass Overwrite:

CodeDD implements DoD 5220.22-M standard:

Pass 1: Overwrite with random data
  - Cryptographically secure random bytes
  - Prevents simple recovery
  
Pass 2: Overwrite with complement (bitwise NOT of Pass 1)
  - Addresses magnetic media remanence
  - Further reduces recovery probability

Pass 3: Overwrite with random data (again)
  - Third layer of obfuscation
  - Meets DoD standard

Pass 4: Overwrite with zeros
  - Final sanitization
  - Disk space reclaimed cleanly

Code Implementation (Simplified):

def force_remove_directory(directory_path, audit_uuid):
    """
    Securely delete directory with multi-pass overwrite
    """
    # First pass: Random data
    for file_path in all_files(directory_path):
        file_size = os.path.getsize(file_path)
        with open(file_path, 'wb') as f:
            f.write(secrets.token_bytes(file_size))
    
    # Second pass: Complement pattern
    for file_path in all_files(directory_path):
        with open(file_path, 'r+b') as f:
            data = f.read()
            f.seek(0)
            f.write(bytes([~b & 0xFF for b in data]))
    
    # Third pass: Random data again
    for file_path in all_files(directory_path):
        file_size = os.path.getsize(file_path)
        with open(file_path, 'wb') as f:
            f.write(secrets.token_bytes(file_size))
    
    # Fourth pass: Zeros
    for file_path in all_files(directory_path):
        file_size = os.path.getsize(file_path)
        with open(file_path, 'wb') as f:
            f.write(b'\x00' * file_size)
    
    # Finally, delete directory
    shutil.rmtree(directory_path)
    
    log_deletion(audit_uuid, directory_path, "secure_wipe_complete")

Layer 3: Container Destruction

Ephemeral Containers:

Each audit runs in an isolated, ephemeral container:

Container Lifecycle:

1. Creation (Audit Start):
   - Fresh container spawned
   - No persistent volumes
   - Isolated network
   - Unique filesystem

2. Operation (During Audit):
   - Repository cloned to container
   - Files processed and encrypted
   - Results sent to database
   - No data leaves container except results

3. Destruction (Audit End):
   - Secure file deletion (multi-pass)
   - Container stopped
   - Container removed
   - Filesystem destroyed
   - Memory released

Layer 4: Memory Clearing

Secure Memory Deallocation:

import secrets

def clear_sensitive_memory(data):
    """
    Securely clear sensitive data from memory
    """
    if isinstance(data, str):
        data = data.encode()
    
    # Overwrite memory location
    secrets.clearmem(data)
    
    # Delete reference
    del data
    
    # Force garbage collection
    import gc
    gc.collect()

What Gets Cleared:

Decrypted file contents
Encryption keys
API tokens
Intermediate processing results
Cache buffers

SSD Considerations

The SSD Challenge

Why SSDs Are Different:

Wear leveling: Writes distributed across cells
TRIM command: Marks blocks for deletion
Over-provisioning: Hidden spare blocks
Garbage collection: Internal data movement

Impact on Deletion:

Simple overwrite may not hit all copies
Data may persist in spare blocks
Controller may cache data internally

CodeDD's SSD Strategy

Defense in Depth:

Cryptographic Deletion (Primary)
- Key destruction makes all copies unreadable
- Effective regardless of SSD architecture
- Instant and verifiable
Physical Overwrite (Secondary)
- TRIM commands issued
- Multiple overwrite passes
- Best-effort physical deletion
Container Destruction (Tertiary)
- Entire container filesystem destroyed
- Operating system reclaims space
- New audit gets fresh container

Result: Even if SSD retains physical copies, data is cryptographically irrecoverable

Verification & Audit Trail

Deletion Verification

Automated Checks:

After deletion process:
  1. Verify directory no longer exists
  2. Confirm container destroyed
  3. Check encryption key removed from vault
  4. Validate no process references
  5. Run filesystem check (no orphaned inodes)

If Verification Fails:

Fallback Process:
  1. Alert triggered
  2. Emergency cleanup team notified
  3. Manual verification
  4. Root cause analysis
  5. Process improvement

Audit Logging

Every deletion logged:

{
  "audit_uuid": "abc-123-def-456",
  "event": "secure_deletion_complete",
  "timestamp": "2026-01-26T15:30:45Z",
  "deletion_method": "multi_pass_overwrite",
  "passes_completed": 4,
  "container_destroyed": true,
  "key_destroyed": true,
  "verification_passed": true,
  "total_files_deleted": 1247,
  "total_size_deleted": "156MB",
  "duration_seconds": 28
}

Audit Trail Purpose:

Compliance verification
Incident investigation
Process improvement
Customer assurance

Backup Considerations

No Persistent Backups

CodeDD's Backup Policy:

What We Backup:
  ✅ Audit results (findings, scores, recommendations)
  ✅ Metadata (file paths, metrics)
  ✅ User configurations
  ✅ Audit history

What We DON'T Backup:
  ❌ Source code
  ❌ Encrypted source files
  ❌ Decryption keys
  ❌ Temporary processing files

Backup Retention:

Results: 1 year (or per contract)
Audit logs: 7 years (compliance)
Source code: 0 days (never backed up)

Database Deletion

Metadata Cleanup:

When audit is deleted by user:

1. Mark audit as deleted (soft delete)
2. Schedule hard delete (30 days later)
3. Hard delete process:
   - Remove all findings
   - Remove all file references
   - Remove all metrics
   - Remove audit entity
   - Update backups
   - Verify deletion

No Source Code in Database:

Database only stores metadata
No file content ever written to database
Even if database breached, no code exposed

Compliance Standards

Regulatory Alignment

GDPR - Right to Erasure:

Complete deletion upon request
Verification of deletion
Deletion confirmation provided
Backup purging included

SOC 2 - Secure Disposal:

Media sanitization procedures
Verification of disposal
Audit trails maintained
Regular process audits

NIST SP 800-88:

Clear: Logical deletion
Purge: Physical destruction
Destroy: Media destruction
CodeDD implements "Purge" level

DoD 5220.22-M:

3-pass overwrite minimum
Verification of sanitization
Audit documentation
CodeDD exceeds standard (4 passes)

Recovery Testing

Proving Deletion Works

Regular Testing:

Quarterly Process:
  1. Create test audit with sample code
  2. Complete audit normally
  3. Trigger deletion
  4. Attempt forensic recovery using:
     - File recovery software
     - Disk imaging tools
     - Memory dumps
     - Container inspection
  5. Verify: 0% recovery rate
  6. Document results

Third-Party Audits:

Annual security audits include deletion testing
Penetration testers attempt data recovery
Results included in SOC 2 reports

Emergency Deletion

Immediate Purge

Use Cases:

User requests immediate deletion
Security incident detected
Contract termination
Regulatory requirement

Process:

Immediate Purge:
  1. Pause all processing
  2. Identify all data locations
  3. Execute emergency deletion script
  4. Skip standard graceful shutdown
  5. Force container destruction
  6. Overwrite storage
  7. Confirm deletion
  8. Generate emergency deletion report

Completion Time: <2 minutes

What Persists (Intentionally)

Transparency About Retained Data

After Deletion, We Keep:

Audit Results
- Findings and recommendations
- Risk scores
- Metrics (LOC, complexity)
- Why: You paid for these insights
- Retention: Per your contract
Audit Metadata
- Audit ID
- Date/time executed
- Repository name (not content)
- Why: Operational records
- Retention: 7 years (compliance)
Billing Records
- Audit invoice details
- Payment information
- Why: Financial/tax requirements
- Retention: 7 years (legal requirement)

We NEVER Keep:

Source code
File contents
Code snippets
Proprietary algorithms
Business logic
Secrets/credentials

Key Takeaways

For Investors:

Zero IP Retention: Portfolio company code never permanently stored
Regulatory Compliance: Meets GDPR, SOC 2, NIST standards
Verifiable Deletion: Process audited and proven
Risk Mitigation: Even if CodeDD breached, no code exposed

For CTOs:

Military-Grade Deletion: DoD-approved multi-pass overwrite
Cryptographic Shredding: Keys destroyed, files unrecoverable
Container Isolation: Complete environment destruction
Audit Trail: Full documentation for compliance

Next Steps

Review Data Encryption
Learn about Compliance & Certifications
Understand Repository Connection Security

🍪 Your Privacy Matters