I prefer audit tables. Soft deletes don't capture updates, audit tables do (you could make every update a delete and insert in a soft delete table, but that adds a lot of bloat to the table)

Deleting data is also a very easy way to not get GDPR compliance issues. Data is a cost and a risk, and should be minimised to what is actually relevant. Storage is the least part of the cost.

Not an issue if you're not building SaaS

Depends on your jurisdiction I suppose. If you are in EU it's a question if you have PII or not - if you are a SaaS or not is totally irrelevant.

Depends on the data in question. Some data is worth keeping, other data isn't.