Data Retention Policy
Last updated: 2026-04-07
This page explains how Silo approaches data retention at an operational level. Exact retention can vary by deployment, contract, or legal hold, but the categories below describe the default model used by the product.
Data room access requests and view logs
Two new categories were added with the gated portal launch:
| Category | Default retention |
|---|---|
access_requests — sign-in identity and approval status | Retained while the portal is operational; deleted on user request. |
dd_views — per-page view logs of reviewers | Retained for 12 months from the date of view, then anonymized (user_id and IP cleared). |
Retention model by category
| Data category | Typical use | Retention approach |
|---|---|---|
| Access logs, audit events, auth failures, rate-limit events | Security, abuse prevention, incident response, support | Retained as long as reasonably needed for operational security and troubleshooting; exact duration depends on deployment controls |
Session memories (remember / recall) | Session-scoped helper memory | Retained for the TTL chosen by the caller, from 60 seconds up to 30 days |
| Chat conversations and messages | Multi-turn chat support | Retained until deleted by product controls or operator action |
| Workflow records and review events | Async processing, reviewability, audit trail | Retained while needed to operate, inspect, or support the workflow |
| Generated artifacts and uploaded files | PDF workflow execution and downloadable outputs | Retained while the workflow and its artifacts remain operationally necessary, until deleted or lifecycle-managed by the deployment |
| Temporary caches and short-lived control keys | Performance and rate limiting | Short-lived only; expires automatically through cache TTLs |
| Backups and recovery copies | Service recovery and continuity | Retained according to infrastructure backup policies, then expires on provider-managed schedules |
Deletion and exceptions
Deletion can be delayed or limited when retention is required for:
- security investigations;
- fraud or abuse response;
- legal or contractual obligations;
- backup or disaster-recovery windows that have not yet expired.
Even after content deletion, aggregated metrics or sanitized operational records may remain if they no longer identify the original content and are still needed for observability or audit purposes.
Requesting deletion
For deletion or retention questions, write to diego@sens.legal.
Please do not post sensitive data in a public ticket. If you need a private path and do not have one yet, request a private follow-up first.