STACCR™ · Cryptographic Erasure Engine
When a key is destroyed, every ciphertext it ever protected becomes permanently unrecoverable — across every backup, replica, and AI context store — without touching any of them. That's the proof. Not a log entry saying a job ran.
Pre-GA: STACCR's erasure engine is architected and under active design-partner engagement. This page demonstrates the designed mechanism — not a shipping product.
The Problem
Distributed copies
When context propagates — to a CRM, a data warehouse, an AI agent's memory — each system received a copy. Deletion must reach all of them. Most can't confirm it did.
Append-only stores
Backups, audit logs, WORM archives, and vector databases are structurally resistant to deletion. You can't overwrite what you're forbidden from overwriting.
No shared proof
There is no cryptographic primitive behind a deletion API call. Every 'DELETE' is a promise. The requesting party has no way to verify the promise was kept.
AI context leakage
AI agents embed context into model state, fine-tuning sets, and memory stores. No deletion API exists for embedded context — but a key can govern all of it.
How It Works
Every context token is encrypted with a User Encryption Key (UEK) that never leaves the KMS. Downstream adapters — CRMs, warehouses, AI agents — receive only ciphertext. The key is what unlocks access. When erasure is requested, the key is destroyed. The ciphertext remains, but it becomes permanently meaningless. No downstream system needs to cooperate.
Step through the erasure sequence
Key Lifecycle State
Active
Scheduled
Destroying
Deleted
Verified
Destruction Sequence
Generate erasure request
Revoke decrypt access via KMS ACL
Destroy UEK key material
Notify adapters via propagation registry
Issue cryptographic erasure certificate
The Proof
After key destruction and adapter acknowledgment collection, STACCR issues a cryptographic erasure certificate — a signed, structured record containing the destruction token, FIPS 140-3 L3 attestation, all adapter acknowledgments, and a regulation mapping. The certificate is stored in an immutable audit ledger and can be exported for regulatory submission.
Today this certificate is signed by STACCR. The designed end state is a published verification key allowing any party holding the certificate to confirm its authenticity independently — no trust in the issuer required. That capability is on the pre-GA roadmap.
Regulatory Coverage
The following mapping reflects how STACCR's erasure architecture is designed to address each regulation's specific requirements. All language uses "designed to" framing — STACCR is pre-GA and makes no present-tense compliance certification.
Art. 17
Right to erasure ('right to be forgotten'): controller must erase personal data without undue delay.
Cryptographic key destruction renders all copies computationally inaccessible simultaneously, with verifiable proof.
§1798.105
Consumers may request deletion of personal information collected by a business or service provider.
Erasure certificate with adapter acknowledgments provides documented evidence of purge across all connected systems.
§164.312(a)(2)(iv)
Encryption and decryption: implement mechanism to encrypt and decrypt ePHI. Destruction must render data unreadable.
AES-256-GCM key destruction meets NIST SP 800-88 standards; FIPS 140-3 L3 attestation provided.
Art. 18 VI
Data subjects have the right to deletion of unnecessary or excessive personal data.
Key destruction propagates across all registered adapters; signed certificate is issued per request.
Art. 10(5)
Where necessary, providers shall ensure training data can be erased and verified erased from deployed models.
CCL context tokens in AI agent memory stores are governed by the same key — destruction revokes all copies including embedded context.
Design Partners
If your team is responsible for demonstrable erasure across AI systems, distributed data pipelines, or multi-tenant SaaS — and you want to shape what the certificate format, adapter contract, and audit export look like — we'd like to work with you.