Data Retention
Configure how long sessions, messages, embeddings, and audit logs are retained, and enable automatic PII redaction.
dataRetentionConfig controls data lifecycle across all tenant data. Defaults are set at account creation and can be updated at any time.
Schema
Retention periods
| Field | Default | Description |
|---|---|---|
session_retention_days | 30 | AI sessions are purged after this period of inactivity |
message_retention_days | 90 | Individual messages within sessions |
artifact_retention_days | 365 | Files and generated content attached to sessions |
embedding_retention_days | 365 | Vector embeddings from the knowledge base |
audit_log_retention_days | 730 | Compliance audit log entries — 2 years default |
Setting any field to null disables automatic purging for that data type (data is kept until manually deleted).
PII handling
auto_redact_pii
When true, PII detected in messages (names, email addresses, phone numbers, national IDs) is automatically redacted before storage. Default: true.
Redacted fields are replaced with [REDACTED] markers. The original content is never stored.
pii_retention_days
How long PII-containing data is retained before purge, even if message_retention_days is longer. Default: 7 days. Setting this short ensures PII is not retained beyond what is operationally necessary.
Consent flags per request
Individual requests can override retention behaviour at the user level using the consent field:
When allow_data_storage: false, the request is processed but no messages or session data are persisted. Useful for privacy-sensitive workflows or when a user has opted out of data storage.
Compliance
- Audit logs are immutable and tamper-evident
- All data is scoped by
tenant_id— no data is shared between tenants - GDPR data subject access requests and deletion requests should be handled via the admin API or by contacting support