Retention & Deletion
Retention should match the work, evidence, and legal obligations.
SupraOS produces operational state, Receipts, evidence references, and value records. Retention should be governed by the customer agreement, workflow class, regulatory needs, evidence requirements, and deletion obligations.
Retention classes
| Data type | Example retention approach |
|---|---|
| Website/pre-sales data | Retained as needed for communications, access review, records, and security. |
| Source references | Retained as needed for Receipts and proof unless deleted under policy. |
| Work Object state | Retained according to workflow class and contract. |
| Receipts | Often require longer retention for audit/proof obligations. |
| Value Ledger | Retained to support historical impact measurement and reporting. |
| Logs | Retained for security, debugging, audit, and operations according to policy. |
Deletion principles
- Support deletion requests consistent with customer agreements and legal obligations.
- Separate deletion of source data from deletion of references or Receipt metadata where appropriate.
- Preserve evidence where legal hold or audit retention requires it.
- Provide export options where supported by the engagement.
Copy note
SupraOS should avoid promising universal deletion of all derived artifacts if Receipts or audit obligations may require preservation.
Need deeper diligence?
Qualified evaluators can request security review materials or start with a read-only Company Scan.