Data Retention

Configure how long RADAR retains evidence. Retention is enforced at the storage layer with configurable policies per environment and legal hold support.

Retention model

RADAR retains evidence in three tiers, each independently configurable:

  • Hot (active), 7–30 days: Traces, findings, and control mappings available for dashboard search, review, and real-time export. Stored uncompressed for low-latency access.

  • Warm (retention), 30–365 days: Compressed records retained for regulatory compliance. Available for bulk export, SIEM replay, and audit requests.

  • Cold (archive), 1–7 years: Exported packs in read-only format with cryptographic integrity. Suitable for regulator retention requirements and legal holds.

Configuration

# Evaluation (14 days)
docker exec radar radar retention set --days 14

# Production (90 days) with enforcement
docker exec radar radar retention set --days 90 --enforce

# View current policy
docker exec radar radar retention status
# Policy: 90 days | Enforced: yes
# Storage: 24.7 GB / 500 GB (4.9%)
# Oldest record: 2026-02-04
# Legal holds: 2

When enforcement is enabled, records beyond the retention window are automatically purged daily. The purge operation is logged as a compliance event.
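
As an added example (not part of RADAR or its documentation), the shell function below audits the status output shown above against a required retention range and fails when enforcement is not enabled. It assumes the output matches the sample above without the leading "# "; the function name `check_retention` and the 90/365-day bounds are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): audit `radar retention status` output.
# Assumption: the status text matches the sample shown on this page, without
# the leading "# " used there to mark it as command output.

# Usage: docker exec radar radar retention status | check_retention MIN MAX
# Prints one line per finding; returns 0 only if the policy is acceptable.
check_retention() {
  min_days=$1
  max_days=$2
  status=$(cat)
  findings=0

  # Parse "Policy: 90 days | Enforced: yes" and "Legal holds: 2".
  days=$(printf '%s\n' "$status" |
    sed -n -E 's/^Policy: *([0-9]+) days.*/\1/p' | head -n 1)
  enforced=$(printf '%s\n' "$status" |
    sed -n -E 's/^Policy:.*Enforced: *([A-Za-z]+).*/\1/p' | head -n 1)
  holds=$(printf '%s\n' "$status" |
    sed -n -E 's/^Legal holds: *([0-9]+).*/\1/p' | head -n 1)

  if [ -z "$days" ]; then
    # Fail closed: an unreadable policy counts as a finding.
    echo "FAIL: no parsable Policy line in status output"
    findings=$((findings + 1))
  elif [ "$days" -lt "$min_days" ]; then
    echo "FAIL: retention ${days}d is below required minimum ${min_days}d"
    findings=$((findings + 1))
  elif [ "$days" -gt "$max_days" ]; then
    echo "FAIL: retention ${days}d exceeds permitted maximum ${max_days}d"
    findings=$((findings + 1))
  fi
  if [ "$enforced" != "yes" ]; then
    echo "FAIL: enforcement is not enabled"
    findings=$((findings + 1))
  fi
  echo "INFO: legal holds reported: ${holds:-unknown}"
  [ "$findings" -eq 0 ]
}

# Constructed sample: the evaluation policy checked against production bounds.
check_retention 90 365 <<'EOF' || echo "policy check failed"
Policy: 14 days | Enforced: no
Storage: 1.2 GB / 500 GB (0.2%)
Oldest record: 2026-02-04
Legal holds: 0
EOF
```

Run from a scheduled job, a non-zero exit can raise an alert when the retention policy drifts from what the organization requires.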

Apply a legal hold to specific sessions, agents, or time ranges to prevent automated purging.

# Apply hold to a session
docker exec radar radar retention hold add \
  --session sess_abc123 --reason "Pending litigation"

# Apply hold by time range
docker exec radar radar retention hold add \
  --since "2026-03-01" --until "2026-04-01" \
  --reason "Regulatory investigation"

# List and release holds
docker exec radar radar retention hold list
docker exec radar radar retention hold remove hold_01

Storage backends

  • Local volume: Default for evaluation and single-node. Docker volume or host path. No additional infrastructure.

  • NFS / NAS: Shared storage for multi-node. Evidence accessible across RADAR instances. Recommended for production.

  • S3-compatible: Object storage for cold archive. MinIO (on-prem), AWS S3, or S3-compatible. Encrypted at rest with customer-managed keys.

Compliance mapping

  • EU AI Act Art. 12: Records retained for auditor access. Configurable retention matches organizational policies.

  • GDPR Art. 5(1)(e): Data minimization: retention limited to purpose. Configurable periods with automatic enforcement.

  • GDPR Art. 17: Right to erasure: session-level deletion and full purge with attestation.

  • HIPAA 164.316: Retention of documentation for 6+ years. Cold archive tier with cryptographic integrity.

  • SOC 2 CC7.2: Monitoring and retention of monitoring results per organizational policy.
