I’m not sure exactly where to post this, but I would like suggestions from the community how to handle stored attachments that may need to be deleted. I found a bug, but Airtable Support is calling it ‘normal’, so not a bug. I will call it a flaw.
When an Attachment is added to an attachment field, and the URL to that attachment is shared externally (we use Zapier to share links to PDF Proofs, contracts, invoices etc) then send an SMTP zap email with embedded links to the attachments to clients. If there are subsequent updates to the attachments, then we delete the attachments in the Base, and place the new updated version in the attachment field and send with the new URL link to access. HERE IS THE “FLAW”. Airtable is NOT actually deleting the file. In fact not only is the private file still being stored on Airtable, but the original URL link to the attachment that had previously been 'DELETED" by the DELETE KEY, is in fact still accessible. Via the original link to the previously deleted file.
We discovered this 1 week ago, tested it again, and then I sent a support ticket to Airtable support 1 week ago.
As per Support response (Which took 6 days to receive an acknowledgement and an answer) " Apologies for the delayed response here – I wanted to sync up with engineering on this to ensure I was providing you a correct answer.
This is currently expected behavior in Airtable, and is not something we plan to “fix,” although we may consider adjusting how this works in the longer term. Feel free to let me know where this is causing issues in your process, and I can take this back to the product team for their consideration when they revisit attachment storage in the future.
Sorry I can’t be more helpful here!
All the best,
Does external access to assumed deleted data/files cause problems or worse liability for you or your clients?
Do you have suggestions on how to actually HARD DELETE attachments?
As a work around we are implementing using a new URL Field for files that need to be shared, and actually storing attachment files, that we need to give outside access to, a link to a Dropbox or Google Drive files.
If you also see this a possible compliance problem, and or would like to see Airtable address this very sensitive privacy issue, please let Airtable support know your concerns.