Enforster AI is committed to responsible data management through clear retention policies that balance business needs with privacy protection and regulatory compliance.

🎯 Policy Overview

This policy defines how long we retain different types of data, when and how we delete it, and the processes we follow to ensure compliance with our retention commitments.

Data Classification

Data Categories

  • Account Data: User profiles, authentication information, preferences
  • Operational Data: Service usage, performance metrics, system logs
  • Security Data: Vulnerability scans, threat intelligence, incident logs
  • Communication Data: Support tickets, feedback, marketing interactions
  • Analytics Data: Aggregated usage statistics and performance data

Sensitivity Levels

  • Public Data: Non-sensitive information available to all users
  • Internal Data: Company internal information with limited access
  • Confidential Data: Sensitive business information requiring protection
  • Restricted Data: Highly sensitive information with strict controls

⏰ Retention Periods

Account and User Data

  • Active Account Data: Retained while account is active
  • Inactive Account Data: Retained for 12 months after last activity
  • Account Deletion: Complete removal within 30 days of deletion request
  • Profile Information: Retained for 24 months after last update
  • Authentication Logs: Retained for 12 months for security purposes

Service and Operational Data

  • Repository or Code: Deleted once scanning is finished
  • Scan Results: Retained for 36 months for compliance and analysis
  • Performance Metrics: Retained for 24 months for service optimization
  • System Logs: Retained for 12 months for troubleshooting and security
  • API Usage Data: Retained for 18 months for rate limiting and optimization
  • Integration Data: Retained for 24 months after integration removal

Security and Compliance Data

  • Vulnerability Reports: Retained for 84 months (7 years) for compliance
  • Incident Logs: Retained for 84 months for regulatory compliance
  • Audit Trails: Retained for 84 months for compliance requirements
  • Compliance Reports: Retained for 84 months for regulatory audits

Communication and Support Data

  • Support Tickets: Retained for 36 months for service improvement
  • Feedback and Reviews: Retained for 24 months for product development
  • Marketing Communications: Retained for 24 months for campaign analysis
  • Customer Surveys: Retained for 18 months for trend analysis
  • Training Materials: Retained for 36 months for educational purposes

🗑️ Data Deletion Process

Automatic Deletion

  • Scheduled Cleanup: Automated deletion based on retention schedules
  • Batch Processing: Efficient bulk deletion during low-usage periods
  • Verification: Confirmation of successful deletion
  • Audit Logging: Complete audit trail of deletion activities
  • Error Handling: Retry mechanisms for failed deletions

Manual Deletion

  • Customer Requests: Immediate deletion upon customer request
  • Legal Requirements: Deletion required by law or regulation
  • Business Decisions: Strategic deletion for business reasons
  • Security Incidents: Emergency deletion for security reasons
  • Compliance Audits: Deletion for compliance verification

Deletion Methods

  • Logical Deletion: Removal from active systems and databases
  • Physical Deletion: Secure deletion from storage media
  • Backup Cleanup: Removal from backup systems and archives
  • Third-Party Removal: Deletion from integrated services
  • Verification: Confirmation of complete data removal

🔒 Data Protection During Retention

Security Measures

  • Encryption: AES-256 encryption for all retained data
  • Access Controls: Role-based access to retained data
  • Audit Logging: Complete access and modification logging
  • Data Segregation: Logical separation of different data types
  • Regular Security Reviews: Periodic security assessments

Access Management

  • Authorized Personnel: Limited access to essential personnel
  • Access Justification: Business justification required for access
  • Temporary Access: Time-limited access for specific purposes
  • Access Monitoring: Real-time monitoring of data access
  • Incident Response: Rapid response to unauthorized access

Retention Monitoring and Reporting

Monitoring Systems

  • Automated Tracking: Real-time retention period monitoring
  • Alert Systems: Notifications for approaching retention limits
  • Compliance Dashboards: Visual retention compliance status
  • Regular Reviews: Periodic retention policy reviews
  • Performance Metrics: Retention efficiency and accuracy metrics

Reporting and Analytics

  • Retention Reports: Regular retention compliance reports
  • Data Inventory: Comprehensive data retention inventory
  • Trend Analysis: Retention pattern and efficiency analysis
  • Executive Summaries: Board-level retention reporting

🔄 Policy Updates and Reviews

Review Schedule

  • Annual Review: Comprehensive policy review and updates
  • Quarterly Updates: Minor updates and clarifications
  • Regulatory Changes: Updates for new compliance requirements
  • Business Changes: Updates for business process changes
  • Technology Changes: Updates for technology infrastructure changes

Update Process

  • Stakeholder Review: Input from legal, compliance, and business teams
  • Customer Notification: Advance notice of significant changes
  • Employee Training: Updated training for policy changes
  • Documentation Updates: Complete documentation updates
  • Implementation Planning: Detailed implementation planning

🚨 Exceptions and Special Cases

Extended Retention

  • Legal Requirements: Extended retention for legal compliance
  • Regulatory Investigations: Retention during government inquiries
  • Security Incidents: Extended retention for security analysis
  • Business Continuity: Extended retention for business operations
  • Historical Analysis: Extended retention for research purposes

Reduced Retention

  • Customer Requests: Reduced retention upon customer request
  • Business Decisions: Strategic reduction for business reasons
  • Technology Changes: Reduced retention for technology updates
  • Cost Optimization: Reduced retention for cost management
  • Performance Optimization: Reduced retention for performance reasons

📞 Contact and Support

Policy Questions

Data Requests

  • Data Access: Access to your retained data
  • Data Deletion: Request for data deletion
  • Data Export: Export of your retained data
  • Retention Review: Review of your data retention
  • Policy Clarification: Clarification of retention policies

📋 Implementation and Training

Employee Training

  • Policy Awareness: Regular policy training for all employees
  • Role-Specific Training: Specialized training for data handlers
  • Compliance Training: Regular compliance and legal training
  • Security Training: Ongoing security awareness training
  • Update Training: Training for policy changes and updates

Process Documentation

  • Standard Operating Procedures: Detailed retention procedures
  • Workflow Documentation: Step-by-step retention workflows
  • Checklist Templates: Retention compliance checklists
  • Training Materials: Comprehensive training documentation
  • Reference Guides: Quick reference retention guides

🔍 Auditing and Compliance

Internal Audits

  • Regular Audits: Quarterly internal retention audits
  • Process Audits: Regular process efficiency audits
  • Security Audits: Regular security compliance audits
  • Performance Audits: Regular performance and efficiency audits

External Audits

  • Third-Party Audits: Independent third-party audits
  • Penetration Testing: Regular security penetration testing

This Data Retention Policy is part of our commitment to responsible data management and regulatory compliance. We regularly review and update this policy to ensure it remains current with legal requirements and business needs. For questions about this Data Retention Policy, please contact us at privacy@enforster.ai