aisecurity.llc
AI SECURITY ENGINEERING
Los Angeles, CA · Athens, GR
hello@aisecurity.llc
Operational Policy · Negotiation Draft
Data Retention & Redaction Policy
Retention, redaction, deletion, and post-engagement handling for client materials, research artifacts, assessment evidence, exports, and public-safe publication files.
Effective Date: [EFFECTIVE_DATE]
Version: v1.0
Owner: aisecurity.llc
Applies To: Client materials, research materials, evidence, exports, and publication files
- Purpose
1.1 This Policy defines how long materials are retained, when they are redacted, and when they are deleted.
1.2 The policy applies across delivery, reporting, trust-center publication, and post-engagement cleanup.
- Retention Principles
2.1 Retain only what is needed for the work, the record, or a legal obligation.
2.2 Prefer the shortest practical retention period that still supports delivery, review, dispute resolution, and publication controls.
2.3 If a file is no longer needed, it should not remain in active circulation.
- Default Retention Classes
3.1 Provider may use the following working classes:
- working draft materials;
- active engagement materials;
- client delivery package;
- public-safe publication copy;
- archival research record; and
- delete-on-close material.
3.2 The retention period for each class should be documented in the project plan or applicable agreement when the standard default is not sufficient.
- Redaction Rules
4.1 Before publication or wider sharing, Provider will redact:
- credentials;
- personal data;
- contact details;
- internal-only references;
- raw source payloads;
- private URLs;
- confidential pricing;
- non-public target lists; and
- other sensitive material that is not needed to understand the point.
4.2 Redaction should not remove the meaning of the document. If it would, the underlying claim should be rewritten or withheld.
- Retention Schedule
5.1 Unless the applicable agreement states otherwise:
- engagement work files may be retained through delivery and review;
- client-sensitive evidence should be reviewed for deletion at engagement close;
- public-safe publication files may be retained as part of the public record;
- archived research records should be retained only for the period needed to support methodology continuity, claims review, or legal obligations; and
- delete-on-close material should be securely removed when the relevant task is complete.
- Legal Hold and Dispute Hold
6.1 If a legal hold, dispute hold, or regulatory obligation applies, the relevant materials must be preserved until the hold is released.
6.2 Materials on hold should remain access-controlled and clearly labeled.
- Publication Copies
7.1 Publication copies must be checked for claim-readiness before release.
7.2 The publication copy should be the least sensitive version that still supports the published claim.
7.3 If a publication copy is later superseded, the older version should be archived or removed from active distribution as appropriate.
- Deletion
8.1 Deletion should be performed using a secure, commercially reasonable process appropriate to the system storing the data.
8.2 If full cryptographic or verifiable deletion is not possible on a given system, Provider should remove access, prevent further use, and document the limitation.
8.3 Deletion records should note the material removed, the date, the method used, and any exceptions.
- Backups and Replication
9.1 Backup systems may retain copies for operational continuity, but those copies should be governed by the same sensitivity and access principles as the primary record.
9.2 When a deletion request is honored in the primary store, backup removal should occur according to the normal backup lifecycle unless legal obligations require otherwise.
- Exceptions
10.1 Exceptions require documented approval and a clear end date.
10.2 Exceptions should never be open-ended by default.
- Review
11.1 Provider should review this Policy periodically and after any material change in data handling, publication workflow, or legal requirements.