Data Retention Policy

FeatureSignals retains data only as long as necessary to provide the service and meet compliance obligations. This policy defines retention periods for each data category. Enterprise customers can configure retention periods to align with their internal policies.

Info

Enterprise customers on Dedicated Cloud or Self-Hosted plans have full control over data retention. Contact your solutions engineer to customize retention periods for your deployment.

Retention Periods

Data Type	Default Retention	Configurable	Description
Evaluation events	30 days	Configurable	Individual flag evaluation records (flag key, user key, evaluation result, timestamp). Used for analytics and debugging. Aggregated metrics are retained indefinitely.
Audit logs	1 year	Configurable	Immutable record of all mutations — flag creation, updates, toggles, deletions, API key rotations, and permission changes. Essential for compliance and security investigations.
User accounts	Until deletion	Fixed	Active user accounts and their associated data (email, name, role, team membership). Retained until you delete the account or your organization is deprovisioned.
Deleted resources (soft delete)	30 days	Configurable	Flags, segments, and environments remain recoverable for 30 days after deletion. After this period, data is permanently purged from all systems including backups.
Backups	30 days	Fixed	Daily database backups retained for 30 days in a separate region. Immutable backups (WORM) retained for 7 days. See Disaster Recovery plan for details.
API access logs	90 days	Configurable	API request metadata (endpoint, method, status, latency, IP address). Used for rate limiting, abuse detection, and debugging. Does not include request bodies.
Webhook delivery logs	30 days	Configurable	Webhook delivery attempts, success/failure status, response codes, and retry counts. Useful for debugging webhook integration issues.
Session tokens	7 days (refresh) / 1 hour (access)	Configurable	JWT access tokens expire after 1 hour. Refresh tokens are valid for 7 days. All tokens are invalidated on password change or account deactivation.

Data Lifecycle

Data in FeatureSignals moves through three stages:

1. Active

Data actively used by the service. Reads, writes, and queries operate against active data. This is the data you see in FlagEngine and the API.

2. Retained

Data past its active use window but retained for compliance, auditing, or recovery. Audit logs and backups fall into this category. Not queryable via standard APIs.

3. Purged

Data permanently deleted from all systems — database, backups, caches, and logs. Cannot be recovered. Purge happens automatically on schedule or on explicit request.

Automated Data Cleanup

FeatureSignals runs automated cleanup jobs to enforce retention policies:

Evaluation event pruning — Runs daily. Deletes evaluation events older than the configured retention period. Aggregated metrics are preserved.
Audit log archival — Runs weekly. Audit entries older than the retention period are exported to cold storage (object storage) before deletion. Enterprise customers can configure their own S3 bucket for archival.
Soft-delete cleanup — Runs daily. Permanently deletes flags, segments, and environments that have been soft-deleted for longer than the configured recovery window.
Session cleanup — Expired tokens are cleaned from the database hourly. Active sessions are unaffected.

Configuring Retention (Enterprise)

Enterprise customers can customize retention periods from FlagEngine:

Navigate to Settings → Organization → Data Retention.
Adjust retention periods for each data category. Minimum and maximum values are enforced based on your plan and compliance requirements.
Changes take effect at the next cleanup cycle (within 24 hours).
Data already past the new retention period will be purged in the next cleanup job.

Warning

Reducing retention periods may permanently delete data needed for compliance audits. Consult your legal and compliance teams before making changes. FeatureSignals recommends keeping audit logs for at least 1 year to satisfy SOC 2 and ISO 27001 requirements.

Data Deletion on Account Closure

When you close your FeatureSignals account or terminate your contract:

All active data is marked for deletion immediately.
Data remains recoverable for 30 days (grace period) in case of accidental closure.
After 30 days, all data is permanently purged from all systems.
Backups containing your data cycle out within 30 days of the purge.
You may request an export of your data before the purge completes.