Security & Compliance
Data Retention & Deletion Policy
How long we keep data and how it is deleted.
- Status
- Active
- Effective
- June 3, 2026
- Owner
- Chief Information Security Officer
Retention Schedules
Operational logs 90 days, security logs 1 year, audit logs 7 years (then archive), case content per institutional schedule (default 7 years post-closure).
Deletion
Verified delete requests trigger soft-delete, then cryptographic shred within 30 days unless held under legal preservation.
Backups
Encrypted daily snapshots with 30-day retention; deletions propagate to backups on the next snapshot cycle.