What happens to your data once it makes its way to the nebulous cloud? If you’re a Google Cloud Platform customer, the answer became a bit clearer today courtesy of a new whitepaper that outlines the Mountain View company’s deletion policies.

“As part of our ongoing effort to provide transparency around how Google Cloud Platform (GCP) works, we’re pleased to publish [this] whitepaper,” Eric Chiang, cloud security and privacy product manager at Google, wrote in an accompanying blog post. “[It] explains how we balance these performance objectives so customers can manage their data lifecycle.”

As the whitepaper details, data stored in the Google Cloud is encrypted by default with an individual key and replicated on both active and redundant systems (to protect against loss). Backups are configurable to an extent, but only geographically — you can specify the local, regional, and global machines to which your data will be copied.

Google GCP deletion

So how does data deletion on Google Cloud Platform work? First, you have to put in a request by flagging a resource, a GCP project, or your Google account. Data is immediately marked as deleted and made inaccessible after a request has been made, but it’s not necessarily gone for good — some GCP services impose a grace period before it’s permanently removed. Backups and redundant copies, meanwhile, are overwritten as new daily/weekly/monthly snapshots are created.

“GCP services are configured to await these requests and initiate different processes depending on the type and scope of the deletion request,” Chiang wrote.

According to Google, data is overwritten in one of two ways: mark-and-sweep garbage collection or cryptographic erasure. Its engineers take the extra step of performing a low-level overwrite of (or destroying, in some cases) all decommissioned physical storage to ensure nothing slips through.

“If any component of our physical storage media fails to pass a performance test, conducted periodically to make sure it’s operating properly, at any point during its lifecycle, we remove and retire it from inventory,” Chiang wrote. “Whether hardware is decommissioned due to failure, upgrade, or any other reason, storage media is decommissioned using appropriate safeguards.”

Google GCP deletion

Above: A machine destroys decommissioned physical media.

Image Credit: Google

Google claims that on average, it takes about two months to delete data from active systems and six months to expire deleted data in data center backups.

The release of Google’s GCP whitepaper comes a few short months after the enactment of the General Data Protection Regulation (GDPR), a European privacy law that requires companies to exercise transparency in collecting, retaining, and using personal data. Users can ask companies for the information they have about them, and those companies face fines (up to 4 percent of their global revenue) if they don’t comply.