Data Retention and Deletion Policy

Retain only the minimum data required to operate the service, support customers, detect abuse, satisfy contractual/legal obligations, and preserve security audit evidence.

Separate active data from backups, logs, and immutable security records so deletion requests can be handled transparently.

Account and workspace records: retained while the account is active and for a limited post-termination period needed for support, dispute handling, or legal requirements.

Run metadata and orchestration traces: retained according to plan, workspace settings, or enterprise agreement; customers may request shorter retention where supported.

API keys: secret values are not stored after creation; key metadata and revocation events are retained for auditability.

Security logs and audit logs: retained long enough to investigate abuse, incidents, and unauthorized access; deletion may be restricted where logs are required for security evidence.

Backups: deleted data may remain in encrypted backups until normal backup expiry, after which it is no longer recoverable through ordinary operations.

Deletion requests are verified for authority, scoped to the relevant tenant/user/data class, executed in active systems, and recorded in a deletion ticket or audit event.

Where immediate deletion is not technically possible because of backups or immutable logs, AdaptOrch records the limitation and ensures the data expires through normal lifecycle controls.

For support questions, contact ict03@rfems.com. For security reports, contact ict03@rfems.com. For privacy requests, contact ict03@rfems.com.