Deleting, archiving & restoring clients
In brief: Archive (relationship closed), Delete (record was a mistake), GDPR erasure (subject right + retention expired). Which to use when.
A client record represents a regulated relationship. Removing it isn't like deleting a row in a spreadsheet — there are three different actions, each with different rules, each with different consequences.
This page explains which one to use when.
The three actions
| Action | When to use it | What happens | Reversible? |
|---|---|---|---|
| Archive | "We no longer act for this client" — engagement ended, matter closed, relationship terminated | Status changes to Archived. Client disappears from default lists but stays visible in audit packs, ACR samples, and the audit log | Yes, any time |
| Delete | "This record was created by mistake" — wrong client, wrong firm, duplicate, typo | Row is soft-deleted (hidden from view) but kept for 5 years for the regulatory retention period | Yes, by platform admin |
| GDPR erasure | Data subject's Article 17 request, AND the 5-year retention has expired | Row is permanently purged. A tombstone is left behind for the audit chain | No |
Archive — the everyday "delete"
Use Archive 95% of the time. It's the action you reach for when:
- A client retains a different firm
- A client passes away
- An engagement letter ends
- A one-off matter is closed and there's no ongoing work
- The client moves jurisdictions
- You triage your active book before annual review
Steps:
- Open the client profile or the row in the client list.
- ⋯ More menu → Archive.
- Optional: write a reason — useful for the audit log when the archive happens months before a regulator asks why.
- Click Archive client.
The client immediately drops out of:
- The default Clients list (filterable back in with the Archived status filter)
- The MLRO Queue
- Compliance Health calculations
- The Today widget
The client stays in:
- The audit log — every event up to the archive date is preserved
- ACR samples — if the client was active during the review period
- Compliance Packs — they were your client, and the regulator wants to see that
- Per-company reports — if they were a beneficial owner or director
You can un-archive any time by editing the client and changing status back to Active.
Delete — error correction only
Use Delete when the record itself is the mistake. Three classic scenarios:
- Duplicate from import — bulk import created two rows for the same person; you want to keep one and remove the other.
- Wrong firm — someone added a client to your firm that actually belongs to a sibling practice.
- Test data — you created "Test Client" during onboarding and forgot to remove it.
If you find yourself wanting to use Delete because "we don't act for them any more," stop. Use Archive. Delete is not for closed relationships.
Steps:
- Open the client profile.
- ⋯ More menu → Delete.
- Write a reason of at least 5 characters. This is mandatory —
the audit log records why every deletion happened, and "x" or
"test" will be rejected. Aim for something specific:
- "Duplicate of client #1234, created during May 2025 bulk import"
- "Onboarded to wrong firm — should have been Smith & Co, moving them"
- "Test data from initial setup"
- Click Delete client.
The client is soft-deleted:
- Hidden from every default view
- Audit log preserves the deletion event with your reason
- Platform admin can restore the record within the 5-year window
- After 5 years, the record becomes eligible for permanent erasure (if requested via Article 17)
Who can delete?
By default:
| Role | Can delete? |
|---|---|
| Firm Owner | ✅ |
| Manager | ✅ |
| MLRO | ✅ |
| Staff | ❌ — needs to ask a Manager or above |
| Auditor (read-only) | ❌ |
| Platform Admin | ✅ |
Staff are blocked from deletion to prevent line-staff mistakes from silently erasing client records. If a Staff user needs a record deleted, they should ask a Manager.
Restore — undoing a delete
If you delete by mistake, ask a platform admin to restore. They can see soft-deleted clients and bring them back with a single click. The audit log records both the original deletion and the restoration, so the trail is intact.
We aim to honour restoration requests within the same business day.
GDPR erasure — the exceptional path
This is the permanent one. Use only when:
- The data subject has formally requested erasure under GDPR Article 17, AND
- You've verified their identity, AND
- Either:
- The 5-year MLR retention period has expired (5 years from when the relationship ended), OR
- There's a legitimate Article 17 ground that overrides the retention obligation (rare — usually the regulation wins)
This action is platform-admin-only and irreversible. When it runs:
- The client row is genuinely deleted from the database
- The audit log for that client is also deleted (cascade)
- A tombstone record is created with: who requested, who approved, what legal basis was claimed, when the original soft-delete happened
- The tombstone is permanent — it's our compliance shield against "where did this client go?"
If you receive a GDPR erasure request and aren't sure whether it qualifies, contact Certivus Support before approving. Most Article 17 requests against AML records are correctly refused because the MLR 2017 reg 40 obligation overrides — the ICO has explicitly upheld this in published guidance.
Updating contact details
This is much simpler — there's no constraint to fight.
- Open the client profile
- Edit the field (email, phone, address, etc.)
- Save
The change writes to the audit log automatically. You can see who changed what and when by opening the Audit Log for that client.
What if two clients share an email or phone?
That's allowed. Common cases:
- Spouses share an email —
the.smiths@gmail.com - A parent's email is on a minor's record
- Family businesses share an inbox or mobile
- An individual + their own limited company share a phone
The system does not block duplicate contact details within a firm, and we recommend keeping it that way — a hard rule would cause more support tickets than it would prevent.
If you ever see two real, different clients with identical contact details and you suspect a typo, the safer fix is:
- Open each one
- Compare full names, DOBs, addresses
- If they're the same person → Delete the duplicate with a reason like "Duplicate of #1234"
- If they're family members → leave both, they're real
Common questions
Q: Why doesn't Delete just remove the row?
Because MLR 2017 reg 40 requires 5 years of records. A regulator asking "why is this client missing from your KYC files?" is a much worse outcome than a row sitting hidden in the database.
Q: My "delete" said success but the client is still there.
Old bug, fixed. The action now writes properly through an audited RPC and surfaces real errors. If you still see this, check whether your role allows deletion (Staff cannot delete) and contact support if confused.
Q: I archived a client by mistake. Can I undo?
Yes — edit the client and set status back to Active. No audit-log loss; the archive and un-archive both record cleanly.
Q: Can a deleted client come back as a brand new record?
Yes. If a former client returns and you've already deleted (not archived) their record, just create them fresh. The new record gets a new Certivus Individual ID and a clean slate. The old soft-deleted record stays where it is for the retention window.
Q: What about beneficial owners linked to a deleted company?
The link goes stale but the BO record itself isn't touched. The BO appears in the audit log as "previously linked to deleted client".
Related help articles
- Audit log — every deletion / archive / restoration shows here
- Compliance Pack ZIP — archived clients still appear
- Annual Compliance Review — soft-deleted clients are excluded from the active sample; archived clients are included if active during the review period
Didn't find what you needed?
Contact support