At this time, the only available option is a hard deletion of the customer's data. There is currently no pseudonymization or other method to retain non-PII data after deletion.
You may choose to provide your customer with the following statement:
"The data of the web application is regularly backed up. The backed-up data is encrypted, transferred to the server of the data processor, and stored there. After deletion of data from the web application, it remains in the backup database for another six months. The sole purpose of the backup system is to ensure the availability and recoverability of the web application. Individual personal data cannot be retrieved from the data set stored in the backup."