The right to be forgotten, or right to erasure, lets a person ask a business to delete the personal data the business holds about them. It is a core right under GDPR (Article 17) and an equivalent right under CCPA. The business has to comply within a defined window (30 to 45 days typically) and pass the request through to its sub-processors.
For a CX-AI vendor, the deletion request is more complex than it sounds. The customer record might exist in the vendor's app, in cached call audio, in transcripts, in model evaluation logs, in analytics warehouses, in third-party voice and STT vendors, in backup snapshots. A real deletion has to reach all of them. A symbolic deletion only clears the user-facing record and leaves the upstream copies intact.
The right diligence question is procedural: when a data subject deletion request comes in, what is the actual sequence of operations, which systems get touched, what is the verification, what is the customer-facing receipt? A vendor that cannot describe the workflow has not built it.
Vorel deletion propagates to STT vendors, audio storage, transcript logs, analytics, and backup snapshots. The customer receives a verification report listing every system the deletion reached.

