2026-06-27

Keep data in the customer's Drive: the minimal-retention design

How to lower the data-breach risk of a business SaaS: keep the data in the customer's hands and minimize what the server retains.

The more you hoard, the bigger the risk

The more customer data a provider hoards on its servers, the larger the damage if attacked. Conversely, keeping less on the server structurally shrinks the blast radius.

Keep the data in the customer's Drive

Make the final destination a spreadsheet inside the customer's own Google Drive, and control of the data returns to the customer. The provider only relays it and does not keep it long-term.

Time-box server retention

Hold only the transient data between submission and approval, erase it on approval, and auto-erase even unapproved data within 24 hours. Being able to state that data stays on the server for at most 24 hours helps the adopting organization's security review pass.

Erasure alone isn't enough

Minimal retention is powerful but doesn't make you safe by itself. Only when you also have the basics — encrypted transport, separated write permissions, and operation logs — does it become something you can use with confidence.
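As an added example (not code from the original post or the product it describes), here is the time-boxed retention policy from the two sections above in Python: a store that relays a submission and erases it on approval, sweeps unapproved submissions once they reach 24 hours, and keeps an operation log that never contains the payload. The `relay` callback standing in for the write to the customer's Drive spreadsheet is an assumption, as is the constructed scenario.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Tuple

RETENTION = timedelta(hours=24)  # the upper bound the provider can state to reviewers
@dataclass
class TransientStore:
    """Holds a submission only between submit and approve; nothing outlives RETENTION."""
    relay: Callable[[str, dict], None]               # write to the customer's Drive (hypothetical hook)
    _items: Dict[str, Tuple[dict, datetime]] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)     # operation log: action and id, never the payload

    def submit(self, sid: str, payload: dict, now: datetime) -> None:
        self._items[sid] = (payload, now)
        self.log.append(f"{now.isoformat()} submit {sid}")

    def approve(self, sid: str, now: datetime) -> bool:
        if sid not in self._items:                   # unknown, or already auto-erased
            self.log.append(f"{now.isoformat()} approve-miss {sid}")
            return False
        payload, _ = self._items[sid]
        self.relay(sid, payload)                     # relay first: a failed relay must not lose data
        del self._items[sid]                         # then erase; the server copy is gone on approval
        self.log.append(f"{now.isoformat()} approve+erase {sid}")
        return True

    def sweep(self, now: datetime) -> List[str]:
        """Erase unapproved submissions that have reached RETENTION; run on a schedule."""
        expired = [s for s, (_, at) in self._items.items() if now - at >= RETENTION]
        for s in expired:
            del self._items[s]
            self.log.append(f"{now.isoformat()} expire {s}")
        return expired

    def held(self) -> int:
        return len(self._items)

def scenario() -> dict:
    """Constructed walk-through: one submission approved, one left until the sweep."""
    t0 = datetime(2026, 6, 27, 9, 0)
    relayed: List[str] = []
    store = TransientStore(relay=lambda sid, payload: relayed.append(sid))
    store.submit("a", {"score": 4}, t0)
    store.submit("b", {"score": 3}, t0 + timedelta(hours=1))
    approved = store.approve("a", t0 + timedelta(hours=2))
    early = store.sweep(t0 + timedelta(hours=24))    # b is 23h old: kept
    late = store.sweep(t0 + timedelta(hours=25))     # b is 24h old: erased
    late_approve = store.approve("b", t0 + timedelta(hours=26))
    return {"approved": approved, "relayed": relayed, "early": early, "late": late,
            "late_approve": late_approve, "held": store.held(), "log": store.log}
```

The sweep is what makes the 24-hour statement true for data nobody ever approves; the log records actions and identifiers only, so it adds no second copy of the payload to protect.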

A tool for a culture of improvement and fair evaluation that implements these ideas.