Data retention

This page explains what data VeraFrame stores, where it stores it, how long, and how you can export or delete it. Every retention window can be adjusted for your tenant; the defaults are chosen for a sensible balance of recoverability and minimization.

What data VeraFrame stores

Source material

The files you upload to source groups are stored in a tenant-scoped S3 bucket in an EU AWS region. They persist until you delete them explicitly (via the Sources tab or the API). There is no automatic expiration — VeraFrame will not purge your source material on its own.

API-backed source groups do not store data at all; they fetch from your systems at request time.

Validation history

Every validation (request, output, trust report, corrections) is stored in DynamoDB. Default retention:

90 days (HISTORY_TTL_DAYS=90), after which records are automatically deleted by DynamoDB TTL.

Configurable upward for tenants with stricter retention requirements. Not configurable below 30 days without explicit agreement.

Audit events

When the audit_trail feature is enabled, audit events are stored separately from validation history. Default retention:

365 days (audit_retention_days=365), after which records are automatically deleted.

Audit events are typically retained longer than validation history, because the decision trail must survive the underlying data. For EU AI Act high-risk deployments the minimum retention is usually at least 6 months; for financial and health contexts it may be 5+ years.

User accounts

User records persist for the life of the tenant. Deleting a user removes their ability to sign in but preserves the user ID reference in past validation and audit records (otherwise the audit trail would lose actor identity).

Billing records

Billing history is stored by Stripe, not by VeraFrame. VeraFrame keeps the minimal identifiers needed to link a tenant to its Stripe customer record. For invoices, payment history, and tax records, see the Stripe customer portal.

Where data lives

All data is stored in the EU. VeraFrame does not process data in US or other non-EU regions.

Source material: AWS S3, tenant-scoped bucket, EU region.
Validation and audit data: AWS DynamoDB, EU region.
Billing metadata: Stripe (EU data residency applies).
Logs: AWS CloudWatch, EU region, short retention (typically 30 days).

Exporting data

Before deletion or cancellation, you can export all data associated with your tenant:

In the Admin dashboard, use Export account.
VeraFrame produces a bundle containing:
- Source group metadata (not the file contents — those remain in your S3 bucket and can be downloaded via the AWS console or a sync tool).
- All validation history in JSON.
- All audit events in JSON (for tenants with audit trail enabled).
- Configuration snapshot.

Deleting data

Delete a single file or source group

Use the Sources tab in the Admin dashboard. See Managing source groups.

Delete validation history early

Individual validations can be deleted from the Admin dashboard (admin role required). Deletion removes the validation record but leaves a corresponding audit event marking the deletion.

Delete the entire tenant

The Delete account action in the Admin dashboard triggers permanent deletion:

All source material in the tenant’s S3 bucket is deleted.
All validation history is deleted.
All audit events are deleted.
All user accounts are deleted.
The tenant’s configuration is deleted.

This is irreversible. Stripe retains its own billing records as required by tax law; VeraFrame does not control that retention.

If a data subject (typically an end user of your service) exercises rights under GDPR — right to access, right to erasure — you handle the request in your own system. VeraFrame acts as a processor for your tenant. To support you in responding:

Validation records can be filtered by user ID for access requests.
Targeted deletion of validations matching a user can be performed from the Admin dashboard or via the API.

Contact michael@veraframe.io for unusual or large-scale requests.