Data Retention Policy

1. Plan-Based History

Event, decision, review and audit history is retained according to the active plan unless a written agreement says otherwise:

• Free Trial: 7 days searchable history;
• Starter: 30 days searchable history;
• Pro: 90 days searchable history;
• Business: 365 days searchable history;
• Enterprise: custom retention after direct review.

2. Trial Expiry And Abuse Signals

Free trials last 7 days. When a trial expires, new event processing is paused until the workspace is upgraded. Existing event, decision, review and audit data remains subject to the 7-day trial history period unless a longer period is required for security, billing, dispute handling or legal obligations.

Trial verification records, browser or network abuse-prevention hashes, signup attempts, reset attempts and related security metadata are normally retained for up to 90 days. They may be retained longer where needed to investigate abuse, protect the platform or comply with legal obligations.

3. Account And Organization Records

Organization, user, role, API key metadata and subscription records are kept while the account is active and for a reasonable period after closure to support billing, security and dispute handling.

If a trial or subscription expires, access to the console and new event processing may be limited according to the plan state. Existing workspace records are not immediately deleted on the renewal date; they remain subject to this retention policy and any applicable billing, security or legal requirements.

4. Access And Security Logs

Access logs, login failure records and security events are normally retained for up to 90 days. Records may be kept longer where needed to investigate abuse, protect the service or meet legal obligations.

5. Backups

Hosted pilot backups are currently rotated for approximately 14 days. Deleted data may remain in encrypted or restricted backups until the relevant backup expires.

Production backups may include a PostgreSQL database dump, workspace state, audit history and selected operational metadata needed to restore the service after an incident.

6. Billing Records

Billing, invoice and payment metadata may be retained for the period required by tax, accounting and legal obligations. Payment card data should be handled by a payment provider rather than stored directly by AEGIS Sentinel.

7. Support And Sales Messages

Contact requests, support messages and pilot onboarding notes may be retained for up to 24 months after the last interaction unless a longer period is needed for a contract, dispute or legal obligation.

8. Deletion Requests

Customers can request deletion or export by contacting aegis.sentinel.team@gmail.com. Some records may be retained where required for security, audit, billing or legal reasons.

Audit exports available inside the console are intended for customer operational review. They may omit internal engine details, private platform signals and protected security logic.

9. Internal Learning

Any future cross-customer learning layer should use aggregated or anonymized operational patterns and should not expose one customer's raw event data to another customer.