Getting Started

OverviewQuickstartArchitecture

API Reference

Idempotent RecordsWebhooksContractsAuth / Keys

SDK

InstallUsage

Guides

IdempotencyWebhook GatewayProvider Verification MatrixWebhook ConfigurationData RetentionControlled LaunchSecurity and Data ProtectionSecurity Review PackTraffic ProtectionObservability DashboardChargeback SimulationOnboarding FlowBackoffice Overview

Examples

PaymentsStripePayPal / Braintree StatusGeneric HMACShopifyGitHub

Guide: Data Retention

Overview

Syllecta separates operational cleanup from financial, audit, and tenant-core records. Generic retention jobs are allowed to clean temporary debug data and operational telemetry. They must not delete billing ledgers, invoices, audit logs, API keys, webhook secrets, users, tenants, plans, or settings.

Retention Matrix

Data classDefaultActionNotes
Raw webhook payloads / headers30 daysScrub raw fieldsShort debug/replay window. Metadata and redacted payload views can remain after raw purge.
Synthetic/demo webhook events90 daysHard deleteDemo/test traffic is shorter-lived than customer operational evidence.
Webhook event metadata180 daysHard deleteProvider, event id, status, timing, callback result, failure reason.
Simulation records180 daysHard deleteOnly records with no surviving webhook references are eligible.
Routine completed job runs90 daysHard deleteCompleted no-incident execution telemetry.
Failed/skipped/acknowledged job runs395 daysHard deleteIncident evidence gets a longer window.
Healthy billing reconcile runs90 daysHard deleteHealthy diagnostics are temporary telemetry.
Billing reconcile mismatches395 daysHard deleteInvoice-readiness evidence is retained for the 13-month target window.
Financial ledgerSeparate accounting policyPreserveBilling events, invoices, line items, adjustments, payment provider references.
Audit logsSeparate security/legal policyPreserveNot cleaned by generic operational retention.
Tenant core recordsManual offboarding onlyPreserveTenants, users, API keys, webhook secrets, settings, plans.

Payload Storage Modes

The customer-facing model is:

  • metadata_only — store provider/event/status/timing/error/correlation metadata only.
  • redacted_payload — store a safe payload view for triage/debug.
  • raw_debug_window — store raw payloads only for a short replay/debug window.

The active tenant policy is visible in Webhook Settings. Payload search is disabled for metadata_only tenants, and raw replay is only available for raw_debug_window tenants while the raw debug window is still active.

Operational Controls

Super admins can review the active policy in Backoffice Settings:

  • active retention windows
  • cron schedule and next run
  • dry-run row counts
  • last purge summary
  • protected classes that are never touched by generic cleanup

The purge job runs in batches so large deletes do not block Postgres for one long transaction.

Offboarding Checklist

Before deleting or anonymizing tenant data:

  • disable tenant users
  • revoke API keys
  • rotate or delete webhook secrets
  • stop provider webhook delivery to Syllecta URLs
  • decide preserve/anonymize/delete for non-billing operational data
  • preserve financial and audit references according to the legal/accounting policy

Verification

After a purge:

  • dashboard opens
  • webhook list opens without payload rows
  • billing pages and reconcile history open
  • simulations list opens
  • audit log opens
  • financial ledger and invoices are unchanged

Related