Skip to content

Organizations & data safety

The managed dashboard groups everything under organizations. An organization holds your projects, and each project holds the things managed stores for you: the current server state, the SSH key used to reach your servers, your managed.yaml configuration, and deploy history. Cloud provider credentials and hosted package repositories also belong to the organization.

That makes an organization the most valuable thing in the dashboard: its rows are the only copy of the state and keys for your live servers. Deleting one is therefore designed to be hard to do by accident and possible to undo.

Deleting an organization

Organizations are deleted from the admin area (Admin → Organizations → pick the organization). Deletion happens in two phases:

Phase 1 — delete (recoverable)

Clicking Delete asks you to type the organization's slug and tells you exactly what is at stake — how many projects, and how many servers' stored state and SSH keys. Confirming does not destroy anything yet:

  • The organization disappears immediately for its members: it's gone from the dashboard, its projects can't be opened or deployed, CLI connections to its projects stop working, invites into it stop working, and its hosted package repositories stop serving.
  • Everything it holds stays stored for a 30-day grace period.

During the grace period the admin page for the organization shows the scheduled deletion date and two ways out:

  • Restore organization — one click puts everything back exactly as it was.
  • Download export — a recovery file, described below.

Phase 2 — permanent deletion

The real deletion only happens in one of two ways:

  • Automatically, once the 30-day grace period passes.
  • Explicitly, from the organization's admin page — the button only appears on an organization that is already deleted, and it asks you to type the slug again. One mis-click can never reach this step.

Permanent deletion removes the projects, stored server state, SSH keys, provider credentials, members, invites, and deploy history for good.

Every step — delete, restore, export, and permanent deletion (including the automatic kind) — is recorded in the admin audit log.

The recovery export

Download export produces a single JSON file containing everything needed to regain access to the organization's servers after the data is gone:

  • each project's managed.yaml configuration sections,
  • the current server state and its history,
  • the project SSH keys — private keys decrypted,
  • cloud provider credentials — decrypted,
  • hosted-repository signing keys, members, and roles.

The export contains secrets in the clear

SSH private keys and provider credentials are included decrypted on purpose — that is what makes the file useful after a permanent deletion. Store it like a password: put it in a password manager or encrypted storage, not in a shared drive or a repository.

If a stored secret can't be decrypted, the export keeps the encrypted value with a note instead of failing, so one bad row never blocks the download.

What deletion never touches

Deleting an organization only removes what the dashboard stores. The actual cloud servers and object storage keep running (and keep costing money) — the dashboard never destroys infrastructure as a side effect of deleting its records. If you want the servers gone too, destroy them from each project before deleting the organization.

If your organization disappeared

If you're a member and an organization vanished from your dashboard — and your CLI says its connection stopped working — an admin has likely deleted it. For up to 30 days it can be restored exactly as it was, so contact your administrator.