Data Retention
Configure how long RADAR retains evidence. Retention is enforced at the storage layer with configurable policies per environment and legal hold support.
Retention model
RADAR retains evidence in three tiers, each independently configurable:
- Hot (active), 7–30 days: Traces, findings, and control mappings available for dashboard search, review, and real-time export. Stored uncompressed for low-latency access.
- Warm (retention), 30–365 days: Compressed records retained for regulatory compliance. Available for bulk export, SIEM replay, and audit requests.
- Cold (archive), 1–7 years: Exported packs in read-only format with cryptographic integrity. Suitable for regulator retention requirements and legal holds.
Configuration
# Evaluation (14 days)
docker exec radar radar retention set --days 14
# Production (90 days) with enforcement
docker exec radar radar retention set --days 90 --enforce
# View current policy
docker exec radar radar retention status
# Policy: 90 days | Enforced: yes
# Storage: 24.7 GB / 500 GB (4.9%)
# Oldest record: 2026-02-04
# Legal holds: 2
When enforcement is enabled, records beyond the retention window are automatically purged daily. The purge operation is logged as a compliance event.
Legal hold
Apply a legal hold to specific sessions, agents, or time ranges to prevent automated purging.
# Apply hold to a session
docker exec radar radar retention hold add \
  --session sess_abc123 --reason "Pending litigation"
# Apply hold by time range
docker exec radar radar retention hold add \
  --since "2026-03-01" --until "2026-04-01" \
  --reason "Regulatory investigation"
# List and release holds
docker exec radar radar retention hold list
docker exec radar radar retention hold remove hold_01
Holds are audit-logged and require explicit release. Active holds are visible in retention status output.
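An added example, not part of RADAR or its documentation: a Python check that parses the retention status output shown above and flags policy drift, disabled enforcement, and records that outlive the window without a legal hold to explain them. It assumes the real output carries the same four fields as the sample on this page (with or without the leading "# "); the function names, the 80% storage threshold, and the one-day purge slack are assumptions.

```python
import re
from datetime import date

# Constructed sample that follows the status layout shown on this page.
SAMPLE_STATUS = """\
# Policy: 90 days | Enforced: yes
# Storage: 24.7 GB / 500 GB (4.9%)
# Oldest record: 2026-02-04
# Legal holds: 2
"""

FIELDS = {
    "days": r"Policy:\s*(\d+)\s*days",
    "enforced": r"Enforced:\s*(yes|no)",
    "used_gb": r"Storage:\s*([\d.]+)\s*GB",
    "total_gb": r"Storage:.*?/\s*([\d.]+)\s*GB",
    "oldest": r"Oldest record:\s*(\d{4}-\d{2}-\d{2})",
    "holds": r"Legal holds:\s*(\d+)",
}

def parse_status(text):
    """Return the status fields; raise if any is missing (fail closed)."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"status output lacks field: {name}")
        out[name] = m.group(1)
    return {
        "days": int(out["days"]),
        "enforced": out["enforced"] == "yes",
        "storage_pct": 100 * float(out["used_gb"]) / float(out["total_gb"]),
        "oldest": date.fromisoformat(out["oldest"]),
        "holds": int(out["holds"]),
    }

def audit(text, expected_days, today, max_storage_pct=80.0):
    """Compare live status with the approved policy; return findings."""
    s, findings = parse_status(text), []
    if s["days"] != expected_days:
        findings.append(f"FAIL policy is {s['days']} days, approved {expected_days}")
    if not s["enforced"]:
        findings.append("FAIL enforcement is off, nothing is purged automatically")
    # The purge runs daily, so allow one day beyond the window.
    if (today - s["oldest"]).days > s["days"] + 1:
        if s["holds"] == 0:
            findings.append("FAIL records outlive the window and no hold explains it")
        else:
            findings.append(f"INFO records outlive the window, review {s['holds']} hold(s)")
    if s["storage_pct"] > max_storage_pct:
        findings.append(f"WARN storage at {s['storage_pct']:.1f}%")
    return findings
```

Feed it the text captured from the status command on a schedule and alert on any line that starts with FAIL.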
Storage backends
- Local volume: Default for evaluation and single-node. Docker volume or host path. No additional infrastructure.
- NFS / NAS: Shared storage for multi-node. Evidence accessible across RADAR instances. Recommended for production.
- S3-compatible: Object storage for cold archive. MinIO (on-prem), AWS S3, or S3-compatible. Encrypted at rest with customer-managed keys.
Compliance mapping
- EU AI Act Art. 12: Records retained for auditor access. Configurable retention matches organizational policies.
- GDPR Art. 5(1)(e): Data minimization: retention limited to purpose. Configurable periods with automatic enforcement.
- GDPR Art. 17: Right to erasure: session-level deletion and full purge with attestation.
- HIPAA 164.316: Retention of documentation for 6+ years. Cold archive tier with cryptographic integrity.
- SOC 2 CC7.2: Monitoring and retention of monitoring results per organizational policy.