Data deletion is handled via our backend providers. When a volume is released back to the provider, the provider performs a wipe on the data in accordance with NIST 800-88. This wipe is done immediately before reuse.
All projects, except those hosted on FR-3, utilize encrypted volumes. The encryption key is destroyed when the volume is released back to the provider, which adds another layer of protection.
For more information on this feature, please see the following page in the Platform.sh documentation:
https://docs.platform.sh/security/data-deletion.html
https://platform.sh/trust-center/security/data-deletion/