1. Principles

We aim to retain data only as long as necessary for delivering the Services, security, support, and legal/accounting requirements.

2. Retention periods by plan

Scan Results & Reports

Demo7 days

Starter30 days

Proup to 180 days

Enterpriseup to 365 days (contracted)

MSSPup to 730 days (contracted)

Audit and security logs may be retained longer for investigation and compliance purposes.

3. Retention by category

Your plan may offer configurable retention with maximum limits. Typical retention periods (subject to plan/contract):

Retention Periods

Account and billing records

User info, invoices, payment history

As required for accounting, fraud prevention, disputes

Scan metadata and findings

Vulnerability data, scan configurations

Per plan retention settings

Reports (PDF/HTML)

Generated reports, share links

Per plan; share links may expire earlier

Audit logs

Security events, access logs

Typically longer than scan data

Support tickets

Communications, attachments

While active + reasonable period after closure

4. Customer-configurable retention

Organization administrators may select retention periods up to the plan's maximum. Some data types (e.g., billing records) may not be deletable immediately due to legal obligations.

5. Deletion on termination

Upon account closure or termination:

we delete or de-identify Customer Data within a reasonable period, except where retention is required for legal obligations, security investigations, or disputes.
backups follow a normal expiry cycle; deleted data may persist in backups until backups expire.

6. Exports

Where supported by plan, customers may export reports and selected data prior to deletion.