Deletion Infrastructure, Rethought

The research-grade engine
for intentional removal.

Most teams treat deletion as an afterthought. We built Voidal because we believe the act of removing data is as consequential as the act of creating it. Voidal is a principled, auditable, and deeply configurable deletion engine — purpose-built from first principles for organisations that take data lifecycle management seriously. We do not move fast and break things. We move deliberately and remove them.

Request Early Access View Technical Demo

Enterprise Trust & Compliance

🛡️
SOC 2 Type II
🔒
ISO 27001
🇪🇺
GDPR Compliant
📋
HIPAA Ready
Right to Erasure Certified

Voidal is the only deletion engine independently audited for compliance with the GDPR's Article 17 Right to Erasure provisions. When regulators ask how you delete, you need an answer better than "we ran a script."

Our Thesis

The world has an accumulation problem.
We are building the cure.

The modern enterprise generates data at a rate that far exceeds its capacity to reason about that data. Storage is cheap, so organisations hoard everything — orphaned files, stale caches, deprecated artifacts, duplicated records. The assumption is that keeping data is free and deleting data is risky. We believe the opposite is true. Keeping data you do not need is one of the most expensive and dangerous decisions an organisation can make. It increases attack surface, inflates compliance burden, degrades system performance, and creates a cognitive overhead that compounds silently over time.

Voidal was founded on a simple observation: deletion is not a destructive act. It is a constructive one. Every file you remove with intention is a file that can no longer be breached, mis-classified, or charged against your storage bill. Every directory you prune is a directory that no longer confuses your engineers. Principled deletion is, in a very real sense, the most important form of system hygiene.

We did not set out to build a deletion tool. We set out to build a deletion philosophy — and then we wrote the infrastructure to enforce it. Voidal is the product of that conviction. It is rigorous, it is auditable, and it is unapologetic about what it does. If you believe that less is more, we would like to work with you.

Core Capabilities

Eight primitives. Infinite configurations.
One principled deletion engine.

Every capability in Voidal maps to a real, deterministic operation. There are no hidden heuristics, no machine learning hallucinations, no black boxes. You tell Voidal exactly what to remove, and Voidal removes it — with the precision and auditability your compliance team demands.

🔥

Deep Clean™ -r -f

Our enterprise-grade recursive purge engine traverses directory hierarchies in their entirety, removing every file and subdirectory without interactive confirmation. Deep Clean is designed for teams that have already made the decision and need Voidal to execute it with absolute fidelity. No prompts. No hesitation. Just thorough, principled removal at depth.

🛡️

Root Shield™ --preserve-root

Our safety-first architecture prevents catastrophic scope events by refusing to operate on the filesystem root. Root Shield is enabled by default — because we believe that guardrails are not a sign of weakness, they are a sign of engineering maturity. When the blast radius is unlimited, the only correct default is to refuse.

🤝

ConsentGate™ -i

Voidal's interactive confirmation protocol prompts before every individual removal operation. ConsentGate transforms deletion from a unilateral action into a deliberate, file-by-file dialogue between operator and system. For regulated environments where every removal must represent an explicit human decision, ConsentGate is non-negotiable.

BatchGuard™ -I

A lighter-weight consent mechanism that prompts once before removing more than three files, or when operating recursively. BatchGuard strikes the optimal balance between safety and velocity — providing protection against catastrophic mistakes without introducing per-file overhead. For most teams, this is the recommended consent posture.

📊

AuditStream™ -v

Verbose telemetry output that explains exactly what Voidal is doing, in real time, as it does it. AuditStream generates a complete, human-readable log of every removal operation — ideal for compliance documentation, post-mortem analysis, and building institutional knowledge about your organisation's deletion patterns.

🧹

HollowPurge™ -d

Precisely targets and removes empty directories — the forgotten artifacts of data lifecycle entropy. HollowPurge cleans up the skeletal remains of directory structures that have outlived their contents. It is targeted, surgical, and deeply satisfying for engineers who believe that empty directories are technical debt.

🔒

BoundaryLock™ --one-file-system

When removing hierarchies recursively, BoundaryLock prevents Voidal from crossing filesystem mount boundaries. If a directory within the target tree resides on a different device, it is silently skipped. This is essential for environments with complex mount topologies where a single recursive operation could inadvertently span network shares, tmpfs mounts, or attached volumes.

💪

ForceField™ -f

Suppresses all prompts and ignores nonexistent files and arguments. ForceField is not reckless — it is decisive. When you have already validated your targets through upstream tooling, CI/CD pipelines, or manual review, ForceField eliminates the unnecessary friction of confirmations that add latency without adding safety.

Process

From target identification to confirmed removal
in four deterministic stages.

01

Target Resolution

Voidal resolves each specified path argument against the current working directory, canonicalising symbolic links and validating existence. Our path resolution engine rejects any target whose final component is . or .. — a design decision informed by decades of production incident analysis. Ambiguous targets are not deleted. They are refused.

02

Consent Evaluation

Based on your configured consent posture — ConsentGate (-i), BatchGuard (-I), or ForceField (-f) — Voidal determines whether interactive confirmation is required for the current operation. If the file is unwritable and standard input is a terminal, Voidal will prompt by default. Every consent decision is logged to the audit stream.

03

Recursive Traversal

For recursive operations, Voidal performs a depth-first traversal of the target hierarchy, respecting filesystem boundaries when BoundaryLock is active. Each node is evaluated independently against the consent policy and safety constraints. Root Shield validates that no traversal will inadvertently reach the filesystem root.

04

Unlink Execution

Voidal issues the unlink system call for each resolved target. If AuditStream is enabled, a verbose log entry is emitted for every removal. Exit status is deterministic: zero on success, non-zero on any failure. There is no partial success in Voidal. Every operation either completes fully or reports exactly what failed and why.

By the Numbers

Trusted by teams who take deletion seriously.

0
Files Removed
0
Organisations
0
Removal Accuracy
0
Since Root Shield Launch

Case Study

How Meridian Health reduced their storage footprint by 73% through principled deletion.

Meridian Health, a mid-market healthcare analytics provider, was spending over $2.1M annually on cloud storage for data that no one had accessed in over eighteen months. Their compliance team had flagged the issue repeatedly, but engineering was paralysed by the fear that deleting anything might break something — somewhere, somehow. They had no deletion policy, no audit trail, and no tooling to distinguish between critical production data and orphaned artifacts from deprecated pipelines.

After deploying Voidal with ConsentGate and AuditStream, Meridian's platform team conducted their first structured data lifecycle review. Over a six-week period, they identified and removed 4.2 petabytes of stale data — with every single removal logged, consented, and auditable. Their storage bill dropped by 73%. Their HIPAA audit passed without a single finding related to data retention. And their engineering team, for the first time, could navigate their filesystem without wading through the archaeological layers of every project that had ever existed.

"We thought deletion was risky," said their VP of Platform Engineering. "Voidal helped us understand that not deleting was the real risk."

Pricing

Deletion infrastructure that scales
with your data lifecycle maturity.

Every tier includes Root Shield by default. Because safety is not a premium feature.

Researcher
Free
For individuals exploring principled deletion. Single-target file removal with basic audit logging.
  • Single file removal
  • Root Shield (default on)
  • Basic AuditStream output
  • Community support
Start Free
Recommended
Professional
$49/seat/mo
For teams adopting structured data lifecycle practices. Full interactive consent and verbose telemetry.
  • Recursive removal (-r)
  • ConsentGate (-i) & BatchGuard (-I)
  • AuditStream verbose logging (-v)
  • HollowPurge empty dir cleanup (-d)
  • Priority support
Request Access
Enterprise
Custom
For organisations operating at scale across complex filesystem topologies with regulatory requirements.
  • Deep Clean recursive force (-r -f)
  • BoundaryLock mount isolation (--one-file-system)
  • Root Shield with all-device protection (--preserve-root=all)
  • Custom interactive policies (--interactive=WHEN)
  • Dedicated account team
  • SOC 2 & GDPR audit packages
Contact Sales
Government
Contract
For agencies and defence contractors with classified data lifecycle obligations and FedRAMP requirements.
  • All Enterprise capabilities
  • Air-gapped deployment option
  • FIPS 140-2 validated removal
  • NIST 800-88 compliance reporting
  • Dedicated government liaison
Request Briefing

What Teams Are Saying

Engineers who delete with conviction.

"We used to have a 'no delete' policy because nobody could guarantee what was safe to remove. Voidal's ConsentGate protocol gave our team the confidence to actually clean up. We recovered 40TB of storage in the first month. It felt like moving into a new apartment."

Jordan Kowalski
Jordan Kowalski
Staff SRE, Lattice Dynamics

"AuditStream is the feature our compliance team didn't know they needed. Every removal is logged, timestamped, and attributable. Our GDPR Article 17 response time went from weeks to hours. The auditors were genuinely impressed, which I did not think was possible."

Astrid Krause
Astrid Krause
Head of Compliance, Canopy Financial

"I accidentally typed the wrong path in a recursive operation. Root Shield stopped it. That single moment justified the entire Voidal investment. We estimate it saved us from a six-figure incident. I have never been more grateful for a default setting."

Elise Rivera
Elise Rivera
Platform Lead, Substrate Labs

"BoundaryLock saved us during a migration. We had NFS mounts scattered through our directory tree and a recursive cleanup would have crossed into production storage. Voidal respected the filesystem boundaries without us having to think about it."

Petra Tanaka
Petra Tanaka
DevOps Architect, Helix Genomics

"Voidal is the first deletion tool I've used that feels like it was built by people who understand that removing things is a serious engineering discipline. The verbose output alone has taught our junior engineers more about filesystem semantics than any documentation we had."

Sylvie Whitfield
Sylvie Whitfield
Engineering Manager, Polar Cloud

Technical Demo

See Voidal in action.

Real output. Real operations. AuditStream verbose mode shows every removal as it happens.

~/projects/stale-data
$ voidal -rv ./deprecated-cache/
removed './deprecated-cache/session_tokens/tok_a1b2c3.json'
removed './deprecated-cache/session_tokens/tok_d4e5f6.json'
removed './deprecated-cache/session_tokens/tok_g7h8i9.json'
removed directory './deprecated-cache/session_tokens/'
removed './deprecated-cache/temp_uploads/draft_report.pdf'
removed './deprecated-cache/temp_uploads/img_0042.png'
removed directory './deprecated-cache/temp_uploads/'
removed './deprecated-cache/README.md'
removed directory './deprecated-cache/'
$ voidal -i ./config.bak
voidal: remove regular file './config.bak'? y
removed './config.bak'
$ voidal -d ./empty-logs/
removed directory './empty-logs/'
$

FAQ

Questions we get asked
by thoughtful engineers.

Yes. In the same way that observability, authentication, and CI/CD have evolved from ad-hoc scripts into structured disciplines with dedicated tooling, deletion deserves the same level of rigour. The average enterprise stores petabytes of data it no longer needs, at enormous cost and risk. Voidal provides the primitives — consent, audit, boundary enforcement, root protection — that transform deletion from a dangerous one-liner into a governed, repeatable process. If your organisation has a data retention policy, you need deletion infrastructure to enforce it.

Voidal provides multiple layers of protection. Root Shield (enabled by default) prevents any operation against the filesystem root. ConsentGate prompts before every individual removal. BatchGuard prompts before bulk operations. BoundaryLock prevents recursive traversals from crossing filesystem mount points. And our path resolution engine rejects any target whose final component is . or ... These are not optional safety features — they are architectural decisions that make catastrophic mistakes structurally difficult to execute.

Voidal performs real, irreversible unlink operations. Once a file is removed, it is removed. This is by design. We believe that deletion should mean deletion — not "moved to a hidden directory that you forget to empty." If your workflow requires a soft-delete or recoverability window, we recommend implementing that logic upstream of Voidal. Our position is that deletion infrastructure should be honest about what it does, and what Voidal does is delete things permanently.

Voidal removes the symbolic link itself, not the target it points to. This is a critical design decision for recursive operations — following symlinks during a deep traversal could inadvertently expand the scope of a removal well beyond the intended target. Voidal's traversal engine is explicit about scope: it operates on the hierarchy you specify, not on the hierarchy that symlinks might imply.

ConsentGate (-i) prompts before every individual file removal. It is the most conservative consent posture and is recommended for environments where every deletion must represent an explicit human decision. BatchGuard (-I) prompts once before removing more than three files or when operating recursively — it provides meaningful protection against bulk mistakes without the per-file overhead. Most teams start with BatchGuard and adopt ConsentGate for specific high-sensitivity directories.

Early Access

Join the organisations rethinking
their relationship with deletion.

Voidal is currently in private beta. Request access and our team will schedule a technical walkthrough.