Retention

Data Retention Policy

How long RequestFlow keeps product data, uploaded files, exports, logs, support grants, and backups.

Last updated: June 9, 2026

What this page covers

RequestFlow uses retention rules designed for client document collection. Firms remain responsible for their own regulatory retention obligations and client consent practices.

Uploaded files

Active uploaded files remain available until a request, file, or organization is deleted, or until the customer exports or deletes the file.

  • Pending quarantine files stay pending until scan success or failure, with a 24-hour maximum pending window.
  • Security-blocked file objects are deleted within 24 hours after the blocked status unless a legal hold is manually added by the platform owner.
  • Orphan upload objects are deleted after the upload session expires plus cleanup time.

Exports

Generated ZIP exports are temporary.

  • Generated ZIP exports expire 24 hours after export job success.
  • Exports do not count toward storage quota while retained.
  • Firms should download and store exports according to their own retention policy.

Logs and audit records

RequestFlow keeps audit and operational records to support security, traceability, billing, and support.

  • Audit events remain while the organization is active, with seven years recommended for active firms.
  • Operational logs are retained for 30 days and must not contain raw tokens or file contents.
  • Email and billing event records are retained for 365 days.
  • Support access grants are retained for three years.

Billing, backups, and organization deletion

Some records are retained separately for accounting, recovery, or legal reasons.

  • Billing records are retained for seven years for invoices and subscription details required for accounting.
  • Backups use a 30-day rolling retention window and expire no later than 35 days.
  • Deleted organization data is hard-deleted from active systems within 30 days, with backup expiration following the backup schedule.

Questions before launch?

Tell us what your firm needs to know before launch, and we will follow up with the right privacy, terms, or security details.

Get early access