I led the one-month move from a compliance vendor to an in-house deletion API — cutting six-figure annual vendor costs.
Regulatory deletion (GDPR/CCPA) reaches into every store we keep customer data in. We ran it through a third-party orchestrator: expensive, and a core legal obligation living outside our control. I designed and built the in-house replacement.
The rules keep moving — new stores, new retention windows, new regulation — so I built it around a domain layer with schema versioning. The business logic stays put while the storage underneath can change without a rewrite.
| Vendor cost | six figures annually |
| Deletion verification | across the data platform |
| Data integrity | hardened |
| Vendor dependency | removed |
What I'd do differentlyI let one system's document shape stand in for an explicit contract between the two systems. A later change dropped identifier fields and broke a downstream table. I'd define, validate, and version that data contract on day one.