Privacy and data deletion


I am developing a new system and I ponder using Eventstore (once again) as the storage back-end.

My main concern is that I wont be allowed to retain data for more than a fixed amount of time (13 months) for legal reasons (privacy protection).

Is there a practical technique for such situation, allowing to “forget” some old data without breaking immutability ?

A technique that comes to mind would be to use one stream per month, starting with a snapshot of the state aggregated from previous months. That would allow to hard-delete the streams older than 13 months but doesn’t look very practical (especially around the new-month-switch).

What do you think ?



You can set $maxAge stream metadata. Those events will scavenged when those are too old

There are many ways of handling data deletes. As Yorick mentions
$maxage will automatically delete any data older than that time.
Another common usage is to have two streams per customer, one that
contains data you are allowed to keep the other with data you must get
rid of

Yorick, Greg,

Thanks for that quick replies, $maxAge seems to be the right solution.

if you need more control you can also just soft delete the streams and
control multiple streams. You can at any point delete up to event X in
a stream by setting $tb : event# on metadata

good to know, but $maxAge (plus a sensible snapshotting policy) should do the trick