Data Retention
Understanding data retention is important for compliance. This guide explains how SAR Portal manages data throughout its lifecycle.
Retention Overview
| Data Type | Active Period | After Closure | Retention Period |
|---|---|---|---|
| Case Data | While open | Anonymized | 7 years (audit only) |
| Documents | While case open | Deleted | None after closure |
| Audit Logs | Always | Preserved | 7 years |
| User Data | While active | On request | Until deletion |
Case Data Retention
Active Cases
While a case is open:
- Full personal data stored
- All documents accessible
- Complete editing capability
- Audit trail building
Closed Cases
When a case is closed:
- Status becomes final
- Documents may be archived
- No further editing
- Timeline frozen
Anonymization
After a retention period (configurable):
- Subject name removed
- Email converted to hash
- Phone number removed
- Personal notes redacted
- Audit trail preserved
Why Hash the Email?
The email hash allows:
- Future compliance verification
- Matching without storing email
- Proving request was handled
- While respecting erasure rights
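The anonymization steps and hash-based matching described above can be sketched as follows; this is an added example, not SAR Portal's own code. It assumes a keyed hash (HMAC-SHA256) over a normalized address, hypothetical record field names, and a constructed demo key, and it skips cases flagged with the legal hold this guide describes.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key (assumption): a real deployment would load it from a secret store.
DEMO_KEY = b"constructed-demo-key"

def normalize_email(email: str) -> str:
    """Canonicalize so one address always maps to one hash."""
    return unicodedata.normalize("NFKC", email).strip().lower()

def email_hash(email: str, key: bytes = DEMO_KEY) -> str:
    """HMAC-SHA256 of the normalized address. A bare SHA-256 could be reversed
    by hashing candidate addresses; without the key that guessing does not work."""
    msg = normalize_email(email).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def anonymize_case(case: dict, key: bytes = DEMO_KEY) -> dict:
    """Apply the anonymization steps listed above to a closed case."""
    if case.get("legal_hold"):
        return case  # legal hold: anonymization suspended
    return {
        "case_id": case["case_id"],
        "status": case["status"],
        "subject_name": None,                          # subject name removed
        "email_hash": email_hash(case["email"], key),  # email converted to hash
        "phone": None,                                 # phone number removed
        "notes": "[REDACTED]",                         # personal notes redacted
        "audit_trail": list(case["audit_trail"]),      # audit trail preserved
    }

def matches_subject(anon: dict, email: str, key: bytes = DEMO_KEY) -> bool:
    """Check a later request against an anonymized case without a stored email."""
    return hmac.compare_digest(anon["email_hash"], email_hash(email, key))

# Constructed sample record; field names are hypothetical.
SAMPLE_CASE = {
    "case_id": "CASE-0001", "status": "closed", "legal_hold": False,
    "subject_name": "Jane Doe", "email": "Jane.Doe@example.org",
    "phone": "+00 000 0000", "notes": "Called about the request.",
    "audit_trail": ["opened", "responded", "closed"],
}

if __name__ == "__main__":
    anonymized = anonymize_case(SAMPLE_CASE)
    print(anonymized)
    print(matches_subject(anonymized, " jane.doe@EXAMPLE.org "))
```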
Document Retention
During Active Cases
- Full access to all documents
- Can upload, view, download, delete
- AI processing available
- Redacted versions created
Document Deletion
When documents are deleted:
Soft Delete (Immediate)
- Marked as deleted
- Archived to secure location
- Can be restored
- Audit entry created
Permanent Delete (On Case Closure)
- Physically removed
- Not recoverable
- Storage freed
After Case Closure
All documents are permanently deleted:
- Original files removed
- Redacted versions removed
- Blobs deleted from storage
- Cannot be recovered
This aligns with data minimization principles - don’t keep data longer than necessary.
Audit Log Retention
Standard Retention: 7 Years
Based on:
- GDPR Article 17(3)(e) - legal claims defense
- Typical statute of limitations
- Regulatory guidance
What’s Retained
- All event entries
- Timestamps
- User identifiers
- Action descriptions
- Email hashes (after anonymization)
What’s NOT Retained Long-term
- Personal data in clear text
- Document contents
- Communication bodies
- Sensitive case notes
User Data Retention
Active Users
Full account data retained:
- Name and email
- Role and permissions
- Activity history
- Preferences
Deactivated Users
When a user is deactivated:
- Login disabled
- Data preserved for audit
- Can be fully deleted on request
User Deletion
On GDPR deletion request:
- Account fully removed
- Audit entries anonymized
- References become “Deleted User”
- Historical actions preserved (anonymized)
Tenant/Organization Retention
Active Organizations
All data retained:
- Cases and documents
- User accounts
- Settings and configuration
- Billing information
Organization Deletion
When the last admin deletes the organization:
- Immediate
  - All user accounts removed
  - Stripe subscription cancelled
  - Login disabled
- Within 30 Days
  - All cases anonymized
  - All documents deleted
  - Blobs removed from storage
- Retained
  - Anonymized audit logs (7 years)
  - Billing records (legal requirement)
Configuring Retention
Case Anonymization Timing
Configure when closed cases are anonymized:
- After 30 days (default)
- After 90 days
- After 1 year
- Custom period
Go to Settings > Advanced to configure.
Legal Hold
For cases under legal hold:
- Anonymization suspended
- Documents preserved
- Normal retention paused
- Until hold removed
Data Minimization
SAR Portal follows data minimization principles:
Collect Only What’s Needed
- Minimum required fields
- Optional fields clearly marked
- No unnecessary data collection
Store Only While Needed
- Active cases: full data
- Closed cases: anonymized
- Documents: deleted after closure
Delete When No Longer Needed
- Automatic anonymization
- Document purging
- User deletion support
Compliance Reports
Generate retention compliance reports showing:
- Data currently stored
- Anonymization schedules
- Deletion logs
- Storage usage
Your Responsibilities
As the data controller, you should:
- Inform Data Subjects
  - Include retention periods in privacy notice
  - Explain anonymization vs deletion
  - Describe audit log retention
- Configure Appropriately
  - Set retention periods matching your policy
  - Enable legal holds when needed
  - Review settings periodically
- Honor Deletion Requests
  - Process account deletions promptly
  - Understand what can/cannot be deleted
  - Explain retained audit logs
Legal Basis for Retention
Audit log retention is based on:
- GDPR Article 17(3)(e): Exemption from erasure for “establishment, exercise or defence of legal claims”
- Legitimate Interest: Defending against future complaints
- Legal Obligation: Various record-keeping requirements
This is documented in our DPA and privacy notice.