From 4ee50165cca0af0af6155fe245d8463d641a3160 Mon Sep 17 00:00:00 2001
From: "inkeep[bot]" <257615677+inkeep[bot]@users.noreply.github.com>
Date: Thu, 26 Feb 2026 10:14:46 +0000
Subject: [PATCH 1/3] docs(session-replay): add data deletion and
 crypto-shredding section to privacy docs

Documents the recording deletion workflow introduced in PostHog/posthog#48420:
- Crypto-shredding (per-session key destruction)
- Two-phase deletion: key shredding + 10-day metadata cleanup
- Automatic deletion on person/team/project deletion
- Deleted recording player notice
---
 contents/docs/session-replay/privacy.mdx | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/contents/docs/session-replay/privacy.mdx b/contents/docs/session-replay/privacy.mdx
index d7e27a858827..7d1b43101d36 100644
--- a/contents/docs/session-replay/privacy.mdx
+++ b/contents/docs/session-replay/privacy.mdx
@@ -41,3 +41,26 @@ PostHog offers a range of controls to limit what data is captured by session rec
 ## Network capture
 
 Session replay also allows you to capture network requests and responses. Headers and bodies can include sensitive information. We scrub some headers automatically, but if your network requests and responses include sensitive information you can provide a function to scrub them. [Read more in our network capture docs](/docs/session-replay/network-recording#sensitive-information)
+
+
+## Data deletion
+
+On PostHog Cloud, session recordings are encrypted using per-session encryption keys. When a recording is deleted, PostHog permanently destroys the encryption key (a process called crypto-shredding), making the recording data unreadable. This is irreversible.
+
+Deletion is a two-phase process:
+
+1. **Key shredding** – the encryption key is permanently destroyed, making the recording unplayable immediately
+2. **Metadata cleanup** – recording metadata is purged from the database after a 10-day grace period via a nightly scheduled job
+
+### When recordings are deleted
+
+Recording deletion happens automatically when:
+
+- **A person is deleted** via the [Persons API](/docs/api/persons) with the `delete_recordings` parameter set to `true`
+- **A team, project, or organization is deleted** – all recordings for each affected team are queued for deletion
+
+### Viewing deleted recordings
+
+If you open a recording that has been deleted, the Session Replay player displays a notice showing when it was deleted and by whom.
+
+For more information on data deletion in PostHog, see [data storage](/docs/privacy/data-storage#data-deletion).
\ No newline at end of file

From e65c05798468d22bcc1e59e333dc83ba7d1719c2 Mon Sep 17 00:00:00 2001
From: "inkeep[bot]" <257615677+inkeep[bot]@users.noreply.github.com>
Date: Thu, 26 Feb 2026 10:16:35 +0000
Subject: [PATCH 2/3] docs: Add session recording deletion via
 delete_recordings parameter

Updates the data storage docs to reflect PR #48420 which adds the
`delete_recordings=true` parameter to the person deletion API. When
set, session recordings are permanently destroyed using crypto-shredding.

- Update Persons row in deletion table to mention session recordings
- Add `delete_recordings=true` to all API examples (bash, JS, Python)
- Add explanation of crypto-shredding behavior
---
 contents/docs/privacy/data-storage.mdx | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/contents/docs/privacy/data-storage.mdx b/contents/docs/privacy/data-storage.mdx
index 02e564b32777..93e2d0abeaf3 100644
--- a/contents/docs/privacy/data-storage.mdx
+++ b/contents/docs/privacy/data-storage.mdx
@@ -104,7 +104,7 @@ You can remove unwanted data from PostHog by deleting groups and persons.
 | **Your account** | [Account settings](https://us.posthog.com/settings/user#user-delete) | Account is deleted immediately; all stored data about you is cleared within 30 days. See [deleting your account](/docs/settings/account-settings#deleting-your-account). |
 | **Projects** | [Project settings](https://us.posthog.com/settings/project#project-delete) | All data under the project (including events) are automatically removed |
 | **Organizations** | [Organization settings](https://us.posthog.com/settings/organization#organization-delete) | All data under the organization's projects (including events) are automatically removed |
-| **Persons** | [In the persons tab](https://us.posthog.com/persons), [by API](#right-to-be-forgotten) | When a person is deleted, all events for that person can be deleted |
+| **Persons** | [In the persons tab](https://us.posthog.com/persons), [by API](#right-to-be-forgotten) | When a person is deleted, all events and [session recordings](/docs/session-replay) for that person can be deleted |
 
 ### Right to be forgotten
 
@@ -146,17 +146,17 @@ response = requests.get(
 
 </MultiLanguage>
 
-To delete persons and their events, use the [DELETE Persons API endpoint](/docs/api/persons#delete-api-projects-project_id-persons-id) with the person's UUID (returned as `id` in the persons API response). To delete the person's corresponding events, add the `delete_events=true` parameter:
+To delete persons and their events, use the [DELETE Persons API endpoint](/docs/api/persons#delete-api-projects-project_id-persons-id) with the person's UUID (returned as `id` in the persons API response). To delete the person's corresponding events, add the `delete_events=true` parameter. To also delete their session recordings, add `delete_recordings=true`:
 
 <MultiLanguage>
 
 ```bash
-curl -X DELETE "https://app.posthog.com/api/projects/<project_id>/persons/<person_uuid>?delete_events=true" \
+curl -X DELETE "https://app.posthog.com/api/projects/<project_id>/persons/<person_uuid>?delete_events=true&delete_recordings=true" \
      -H "Authorization: Bearer <personal_api_key>"
 ```
 
 ```javascript
-fetch('https://app.posthog.com/api/projects/<project_id>/persons/<person_uuid>?delete_events=true', {
+fetch('https://app.posthog.com/api/projects/<project_id>/persons/<person_uuid>?delete_events=true&delete_recordings=true', {
   method: 'DELETE',
   headers: {
     'Authorization': 'Bearer <personal_api_key>'
@@ -174,7 +174,7 @@ api_key = "<personal_api_key>"
 project_id = "<project_id>"
 person_uuid = "<person_uuid>"
 
-url = "https://app.posthog.com/api/projects/{}/persons/{}?delete_events=true".format(
+url = "https://app.posthog.com/api/projects/{}/persons/{}?delete_events=true&delete_recordings=true".format(
     project_id, person_uuid
 )
 headers = {"Authorization": "Bearer {}".format(api_key)}
@@ -185,7 +185,7 @@ print(response.json())
 
 </MultiLanguage>
 
-This request will delete all events of the person(s) that have been captured before the deletion request.
+This request deletes all events of the person(s) captured before the deletion request. When `delete_recordings=true` is set, all session recordings for the person are permanently destroyed using crypto-shredding, which irreversibly deletes the encryption keys making recordings unreadable. This process cannot be undone.
 
 ### Manual data deletion
 

From 637a6de6ac1266481071cac04cf53733a1d55447 Mon Sep 17 00:00:00 2001
From: "inkeep[bot]" <257615677+inkeep[bot]@users.noreply.github.com>
Date: Thu, 26 Feb 2026 10:17:56 +0000
Subject: [PATCH 3/3] Update persons docs: add session recording deletion info
 from PR #48420

- Document the option to delete session recordings when deleting a person in the UI
- Add `delete_recordings=true` API parameter documentation with crypto-shredding explanation
- Fix broken link from /docs/privacy/data-deletion to /docs/privacy/data-storage#data-deletion
---
 contents/docs/data/persons.mdx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/contents/docs/data/persons.mdx b/contents/docs/data/persons.mdx
index aad24c2e64f3..859dcfedcd0f 100644
--- a/contents/docs/data/persons.mdx
+++ b/contents/docs/data/persons.mdx
@@ -75,10 +75,12 @@ Clicking on a person in the [People tab](https://app.posthog.com/persons) opens
 
 - Search for the person via their unique ID. For example, their email.
 - Click on the person's ID
-- Click **Delete person** to remove them and all their associated data. You will be prompted to confirm this action.
+- Click **Delete person** to remove them and all their associated data. You will be prompted to confirm this action. You can also choose to delete their session recordings at this step.
 
 <DistinctIdReuseWarning />
 
 ### Via the API
 
-You can also delete persons data via the API. See the [Data Deletion docs](/docs/privacy/data-deletion) for more information.
+You can also delete persons data via the API. When deleting a person, you can pass `delete_events=true` to delete their events and `delete_recordings=true` to delete their [session recordings](/docs/session-replay). Recording deletion uses crypto-shredding to permanently destroy encryption keys, making the recordings unrecoverable.
+
+See the [data deletion docs](/docs/privacy/data-storage#data-deletion) for more information.