Data Handling
Minimal retention, automatic deletion, encryption at rest.
Data lifecycle
| Stage | Retention | Deletion |
|---|---|---|
| Upload (raw ZIP) | Up to 24 hours (automatic deletion) | Automatic |
| Processed outputs | 30 days (links expire; automatic deletion) | Automatic (links expire) |
| Billing/accounting records | 7 years (standard accounting/tax retention) | Per retention policy |
| API key hashes | Until revoked | On revocation + grace period |
What we store
- File content: Temporarily during processing. Deleted within 24 hours.
- Classification results: Bucket labels and confidence scores per file. No file content.
- Manifest hashes: SHA-256 hashes of each file in the kit. Not reversible to content.
- Job metadata: Job ID, status, timestamps, partner ID. No file content.
What we never store
- Plaintext API keys or tokens (only hashes)
- Partner credentials for upstream systems
- File content after the retention window
Encryption
- At rest: Google-managed AES-256 (Cloud SQL, Cloud Storage).
- In transit: TLS 1.2+ enforced on all endpoints.
- CMEK: Customer-managed encryption keys available for Enterprise MMC lanes only.
Subprocessors
See the full subprocessor list for details on all third-party services involved in data processing.
Data residency
All processing and storage occurs in northamerica-northeast1 (Montréal). No data leaves this region during processing.
