Dispel securely sanitizes any component used within the authorization boundary upon removal from the system, prior to disposal or re-use. This is done through a three-stage data deletion pipeline which includes a deletion request, logical deletion from active systems through overwriting and cryptographic deletion, and expiration from backup systems. The cryptographic deletion renders data unreadable by deleting the encryption keys needed to decrypt that data. When an instance is deprovisioned, the memory allocated to it is scrubbed (meaning, it's set to zero) by the hypervisor before it is allocated to a new instance, and every block of storage is reset. When a backup is retired, it is marked as available space and overwritten as new daily / weekly / monthly backups are performed.