Skip to main content
The Data Retention Policy is the canonical record of how long botBrains keeps each category of data and how we securely delete it when it’s no longer needed. botBrains retains data only as long as there is a business, contractual, or legal need, then disposes of it securely.
botBrains is not yet ISO 27001 certified. We are preparing our ISMS and writing these policies as part of pursuing certification, and we fully intend to get our controls attested.

Scope

This policy applies to all data botBrains holds, across the EU production environment, backups, and operational tooling. The Data Classification Policy classifies data; this policy governs how long botBrains keeps each class.

Customer control

Customers control retention and deletion of their own conversation and personal data directly in the platform. They can search, export, and delete this data at any time. botBrains, as the processor, acts on the customer’s instructions under the Data Processing Agreement.

Deletion on contract end

When a contract ends, botBrains deletes the customer’s Customer Data from the production environment within 90 days of contract termination and doesn’t start new processing. Deleted data ages out of backups. botBrains retains only what applicable law requires it to keep, for the period the law requires.

Retention matrix

Data categoryStoreRetention
Customer Data (conversations, end-user personal data, uploads)AWS managed database and object storage, GermanyWhile the contract is active or until the customer deletes it. botBrains deletes it within 90 days of contract termination
Account and billing dataAWS production environmentDuration of the customer relationship, plus statutory retention required under German commercial and tax law
Database backups (PITR and write-ahead logs)AWS, Germany, replicated to Ireland30 day recovery window, after which older points expire automatically
AI interaction traces (model inputs and outputs)Langfuse, EURetained for the operational lifetime of the trace store pending a defined maximum under review. botBrains hasn’t yet set a shorter contractual cap and is reviewing this for data minimization
Application logs, metrics, and alertsBetter Stack, EU30 days, then deleted
Error tracking eventsSentry, EU90 days
Product analyticsPostHog7 years
Security and audit records (incident log, access reviews, and similar ISMS records)botBrains ISMS tooling, EUMinimum 10 years, aligned with German commercial and tax retention (§257 HGB / §147 AO)
Vulnerability finding recordsbotBrains ISMS tooling, EU5 years
The Subprocessors page lists subprocessors and their data locations.

Secure deletion

Deletion uses logical erasure from the production database and object storage, after which the data ages out of backups as the recovery window rotates. botBrains stores Customer Data only in EU cloud services, not on endpoints, so there are no local drives or removable media to wipe. The Asset Management Policy covers endpoint disposal; full-disk encryption renders data on a decommissioned, encrypted laptop unrecoverable once botBrains destroys the keys. If botBrains becomes subject to a legal hold or a statutory retention obligation, it preserves the affected data for the required period, exempt from the schedule above until the obligation ends.

ISO 27001 mapping

This policy supports Annex A 5.33 (protection of records), 5.34 (privacy and protection of personal identifiable information), and 8.10 (information deletion).

Review

The CISO owns this policy and reviews it at least annually and on any material change.