Home / Legal & Compliance / Data Retention

Data Retention & Management Policy

Transparent guidelines on how long we store your configuration data, audit logs, and personal information.

📅 Last Updated: January 15, 2025

📊 Retention Schedule

We retain data only as long as necessary to deliver services, ensure security, comply with legal obligations, and resolve disputes. Below is our standard retention matrix.

r>
Data Category Retention Period Purpose Access Level
Active Configuration Files Lifetime of Environment Service delivery & app functionality Environment Owners & Authorized SDKs
Deleted Configuration Snapshots 30 days post-deletion Recovery & rollback safety net Admins only
Audit & Access Logs 1 year (Pro) / 7 years (Enterprise) Security compliance & incident response Restricted / DPO Only
Usage Analytics & Metrics 90 days Performance optimization & aggregated reporting Anonymous / Aggregated
Support Tickets & Communications 3 years post-resolution Customer service continuity Support Team
Personal Identifiable Information (PII) Per Legal Requirement or User Request Account management & regulatory compliance Strictly limited

🛡️ Storage, Security & Lifecycle

All data at rest is encrypted using AES-256, and data in transit uses TLS 1.3. We enforce strict tenant isolation and automated lifecycle policies to ensure secure deletion when retention periods expire.

🔐 Encryption Standards

AES-256-GCM for storage, TLS 1.3 for transit, and KMS-managed key rotation every 90 days.

🌍 Geo-Redundancy

Data is replicated across isolated regions with automatic failover. Region preferences are enforced per organization.

🗑️ Secure Deletion

Upon retention expiry, data undergoes cryptographic erasure and is overwritten per NIST 800-88 guidelines.

👤 Your Rights & Control

Compliant with GDPR, CCPA, and international data protection standards, you maintain full control over your data. You can exercise the following rights at any time through the dashboard or by contacting our DPO:

  • Access & Export: Download all configuration data, logs, and account information in JSON/CSV format.
  • Rectification: Update or correct inaccurate personal or organization details.
  • Erasure: Request complete deletion of an environment, account, or specific data subset.
  • Portability: Migrate configs seamlessly using our official CLI or API endpoints.
  • Objection: Opt out of non-essential analytics or marketing communications.

Frequently Asked Questions

How long is data kept after account cancellation?

After account termination, all active configurations are immediately disabled. Backup snapshots are retained for 30 days for recovery purposes, after which they are permanently and securely erased.

Can I customize audit log retention?

Yes. Pro plans allow up to 3 years of retention. Enterprise customers can configure retention policies up to 10 years or enforce immutable logging for regulatory compliance.

Is my data shared with third parties?

No. We never sell or share your configuration data or PII. We only use strictly vetted infrastructure providers (AWS, GCP) under binding data processing agreements, and never for secondary purposes.

What happens during a legal request?

We respond only to valid, court-ordered legal requests. We will notify affected customers unless legally prohibited, and only disclose the minimum data required to comply.

Need to manage your data?

Export your configs, request deletion, or contact our Data Protection Officer directly.

Export Data Contact DPO