# Data Integrity

Data discipline for writes, retries, and caches that must not lie.

## Rules

1. **Idempotency keys on every mutating retry.** Payments, order creation, webhooks — if the client or network can retry, the server must deduplicate. Double-charging is not an edge case, it's a certainty.

2. **Caches invalidate with a plan.** Every cache entry has a TTL or an explicit invalidation trigger. "We'll flush it eventually" means you'll serve stale data eventually.

3. **Consistency at boundaries.** Inside a transaction, be consistent. Across services, be explicit about eventual consistency and design for it. Don't pretend distributed systems are atomic.

4. **Retries need backoff and limits.** Exponential backoff, jitter, max attempts. Infinite retries on a failing downstream turn an outage into a traffic amplification attack on yourself.

5. **Validate at the write boundary.** Data shape, ranges, referential integrity — check before persisting. Fixing corrupt data after the fact is expensive; preventing it is cheap.

6. **Deletion is a data operation.** Soft deletes, retention policies, cascade rules — know what disappears and what orphans when something is removed.
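Rules 1, 4 and 5 together, as an added example that is not part of the original page: a constructed in-memory `PaymentServer` deduplicates on a client-chosen idempotency key and validates before persisting, a constructed `FlakyTransport` loses replies after the server has already committed, and the client retries with exponential backoff, full jitter and a hard attempt cap. The `order-1001` key, the `acct_42` account and the amount are sample values; the hypothetical `key_per_attempt=True` path shows the anti-pattern of minting a fresh key on every retry.

```python
"""Added example: idempotent writes behind bounded, jittered retries.

PaymentServer and FlakyTransport are constructed stand-ins for a real payment
API and network; 'order-1001' and 'acct_42' are sample values.
"""
import random
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class TransientError(Exception):
    """The reply was lost: the client cannot tell whether the write landed."""


@dataclass
class PaymentServer:
    """Server side of rules 1 and 5. A client-chosen idempotency key maps to
    the response first produced for it, so a replayed request is answered from
    the store instead of being applied a second time."""
    charges: List[dict] = field(default_factory=list)
    idempotency_store: Dict[str, dict] = field(default_factory=dict)

    def charge(self, idempotency_key: str, account: str, amount_cents: int) -> dict:
        # Rule 5: validate before anything persists. These failures are not
        # retryable, so they raise ValueError rather than TransientError.
        if not idempotency_key:
            raise ValueError("idempotency key is required on a mutating request")
        if not account:
            raise ValueError("account is required")
        if not isinstance(amount_cents, int) or amount_cents <= 0:
            raise ValueError("amount must be a positive whole number of cents")
        # Rule 1: a replayed key returns the original result, no second charge.
        stored = self.idempotency_store.get(idempotency_key)
        if stored is not None:
            return stored
        charge_id = f"ch_{len(self.charges) + 1}"
        self.charges.append({"id": charge_id, "account": account, "amount": amount_cents})
        result = {"charge_id": charge_id, "amount": amount_cents}
        # In a real system the charge row and the idempotency row commit together.
        self.idempotency_store[idempotency_key] = result
        return result


class FlakyTransport:
    """Constructed fault injector: the server applies every request, but the
    first `drop_responses` replies never reach the client."""

    def __init__(self, server: PaymentServer, drop_responses: int) -> None:
        self.server = server
        self.drop_responses = drop_responses
        self.requests = 0

    def send(self, key: str, account: str, amount_cents: int) -> dict:
        self.requests += 1
        result = self.server.charge(key, account, amount_cents)
        if self.requests <= self.drop_responses:
            raise TransientError(f"request {self.requests}: reply lost after commit")
        return result


def retry_with_backoff(op: Callable[[], dict], *, max_attempts: int = 5,
                       base_delay: float = 0.05, max_delay: float = 2.0,
                       sleep: Callable[[float], None] = time.sleep,
                       rng: Callable[[], float] = random.random) -> dict:
    """Rule 4: exponential backoff with full jitter and a hard attempt cap.
    Only TransientError is retried; validation errors propagate at once."""
    for attempt in range(1, max_attempts + 1):
        try:
            return op()
        except TransientError:
            if attempt == max_attempts:
                raise
            # Full jitter: uniform in [0, min(cap, base * 2^(attempt-1))].
            sleep(min(max_delay, base_delay * 2 ** (attempt - 1)) * rng())
    raise AssertionError("unreachable: the loop returns or re-raises")


def run_scenario(drop_responses: int = 2, key_per_attempt: bool = False,
                 max_attempts: int = 5) -> dict:
    """Charge acct_42 1999 cents through a transport that drops replies.

    key_per_attempt=True is the anti-pattern: a fresh key on each retry
    defeats deduplication, so every lost reply becomes an extra charge."""
    server = PaymentServer()
    transport = FlakyTransport(server, drop_responses)
    attempts = {"n": 0}

    def op() -> dict:
        attempts["n"] += 1
        key = f"order-1001-try{attempts['n']}" if key_per_attempt else "order-1001"
        return transport.send(key, "acct_42", 1999)

    # No real sleeping or randomness in the demo; both are injected.
    result = retry_with_backoff(op, max_attempts=max_attempts,
                                sleep=lambda _s: None, rng=lambda: 0.5)
    return {"charge_id": result["charge_id"], "charges": len(server.charges),
            "requests": transport.requests}


if __name__ == "__main__":
    print("one key per operation:", run_scenario())
    print("fresh key per attempt: ", run_scenario(key_per_attempt=True))
```

With two lost replies and one key per logical operation the client sends three requests and the customer is charged once; with a key per attempt the same three requests produce three charges. The idempotency key has to be generated once, before the first attempt, and the server has to store the response under it in the same transaction as the write.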

## What This Replaces

Retry logic that double-writes, caches that serve lies, and distributed operations that assume single-database semantics.
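Rule 2 in code, as an added example that is not part of the original page: a read-through cache where every entry carries a TTL and every write through the service explicitly invalidates the key it touched. The clock is injected so the run is deterministic; `UserService.users` is a constructed in-memory stand-in for a database, and the `u1` record and e-mail addresses are sample data. The demo also shows what the TTL is for: a hypothetical write path that bypasses the invalidation hook serves stale data only until the entry expires.

```python
"""Added example for rule 2: TTL plus explicit invalidation.

TTLCache and UserService are constructed; the user record is sample data.
"""
import time
from typing import Any, Callable, Dict, Optional, Tuple


class TTLCache:
    """Every entry has a positive TTL; expired entries are evicted on read
    rather than served."""

    def __init__(self, default_ttl: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if default_ttl <= 0:
            raise ValueError("every entry needs a positive TTL")
        self.default_ttl = default_ttl
        self.clock = clock
        self._entries: Dict[str, Tuple[float, Any]] = {}  # key -> (expires_at, value)
        self.hits = 0
        self.misses = 0

    def get(self, key: str) -> Optional[Any]:
        entry = self._entries.get(key)
        if entry is None:
            self.misses += 1
            return None
        expires_at, value = entry
        if self.clock() >= expires_at:
            del self._entries[key]  # expired: drop it instead of lying
            self.misses += 1
            return None
        self.hits += 1
        return value

    def set(self, key: str, value: Any, ttl: Optional[float] = None) -> None:
        ttl = self.default_ttl if ttl is None else ttl
        if ttl <= 0:
            raise ValueError("every entry needs a positive TTL")
        self._entries[key] = (self.clock() + ttl, value)

    def invalidate(self, key: str) -> None:
        """The explicit trigger: called by every write path that changes `key`."""
        self._entries.pop(key, None)


class UserService:
    """Read-through cache in front of a constructed store. Writes through the
    service invalidate; the TTL bounds staleness from any path that forgets."""

    def __init__(self, cache: TTLCache) -> None:
        self.cache = cache
        self.users: Dict[str, dict] = {"u1": {"email": "a@example.com"}}  # constructed
        self.db_reads = 0

    def get_user(self, user_id: str) -> Optional[dict]:
        key = f"user:{user_id}"
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        self.db_reads += 1
        user = self.users.get(user_id)
        if user is not None:
            # Cache a copy: aliasing the store's row would hide staleness bugs.
            self.cache.set(key, dict(user))
        return user

    def update_email(self, user_id: str, email: str) -> None:
        self.users[user_id]["email"] = email
        self.cache.invalidate(f"user:{user_id}")  # explicit invalidation on write


def run_demo() -> dict:
    """Drive the cache with a fake clock; returns what each read observed."""
    now = {"t": 1000.0}
    cache = TTLCache(default_ttl=30.0, clock=lambda: now["t"])
    svc = UserService(cache)
    seen = [svc.get_user("u1")["email"]]          # miss: loaded from the store
    seen.append(svc.get_user("u1")["email"])      # hit
    svc.update_email("u1", "b@example.com")       # write invalidates the key
    seen.append(svc.get_user("u1")["email"])      # miss: fresh value
    now["t"] += 31                                # TTL elapses
    seen.append(svc.get_user("u1")["email"])      # miss: entry expired
    svc.users["u1"]["email"] = "c@example.com"    # hypothetical path that skips the hook
    seen.append(svc.get_user("u1")["email"])      # hit: stale, but only until expiry
    now["t"] += 31
    seen.append(svc.get_user("u1")["email"])      # miss: TTL caught it
    return {"emails": seen, "db_reads": svc.db_reads,
            "hits": cache.hits, "misses": cache.misses}


if __name__ == "__main__":
    print(run_demo())
```

The fifth read is the "cache that serves lies" case: a write that bypassed the invalidation hook left a stale entry, and only the TTL limited how long it was served. That is why each entry needs both a trigger and a TTL, not one or the other.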
