Retention Policy

Specification v2.0.3 — Effective Date: February 2026

Default Retention

Default retention periods are defined in the applicable engagement agreement and may vary by artifact type and institutional requirements. In the absence of a specific retention schedule, data is retained for the minimum period required by applicable law or regulation.

Configurable Retention

Retention periods are configurable to align with specific legal, regulatory, or institutional requirements as specified in the applicable engagement agreement.

Deletion

Upon expiration of retention periods, data is deleted in accordance with the deletion procedures specified in the applicable engagement agreement and data processing addendum. Deletion may be deferred by legal holds, regulatory requirements, or court orders.

Export

Authorized institutional participants may request data export during the retention period, subject to the terms and procedures specified in the applicable engagement agreement.

Specification Version 2.0.3 — Effective Date: February 2026