Data Retention Policy
This policy describes how SOC2Assistant stores, retains, and securely deletes customer data and governance intelligence records.
Customer Data Retention
SOC2Assistant retains customer governance data, control implementation records, and uploaded evidence while an organization maintains an active account on the platform.
Customers may request deletion of their organization account at any time. Upon account deletion, associated data will be permanently removed from production systems within thirty (30) days.
Audit Logs and Security Records
SOC2Assistant maintains audit logs for governance actions, authentication events, and security monitoring activities.
These records may be retained for longer periods to support security monitoring, fraud detection, and compliance purposes.
System Backups
Encrypted system backups may contain customer data and are retained for disaster recovery purposes.
Backup data is automatically deleted after a maximum retention period of thirty-five (35) days.
Data Security
SOC2Assistant protects stored data using encrypted database connections, strict access controls, authentication safeguards, and comprehensive audit logging.
Data Requests
Customers may request information about stored data or request deletion of their organization data by contacting:
security@soc2assistant.com