Data Retention & Lifecycle

Configure how long AKIOS Pro retains evidence records. Retention is enforced at the storage layer and supports configurable policies per environment.

Retention Model#

AKIOS Pro retains evidence in three tiers. Each tier has independent retention policies configurable per environment. Expired records are automatically purged when enforcement is enabled, or flagged for manual review when enforcement is disabled.

Hot (active)

7–30 days

Traces, findings, and control mappings available for dashboard search, review, and real-time export. Stored uncompressed on local or network-attached volumes for low-latency access.

Warm (retention)

30–365 days

Compressed evidence records retained for regulatory compliance obligations. Available for bulk export, SIEM replay, and audit requests. Configurable per framework.

Cold (archive)

1–7 years

Exported evidence packs in read-only format with cryptographic integrity verification. Suitable for regulator retention requirements, legal holds, and historical analysis. Stored on object storage or tape.

Configuration#

Set retention policies per environment during AKIOS Pro deployment. Policies apply globally by default and can be overridden per evidence category.

bash

# Set retention for evaluation environment (14 days)
docker exec akios-pro akios retention set --days 14

# Set retention for production (90 days)
docker exec akios-pro akios retention set --days 90

# Set retention for regulated workload (365 days) with enforcement
docker exec akios-pro akios retention set --days 365 --enforce

# View current policy and usage
docker exec akios-pro akios retention status
# Policy: 90 days | Enforced: yes
# Storage: 24.7 GB / 500 GB (4.9%)
# Oldest record: 2026-02-04
# Legal holds: 2 (sess_abc123, time_range: 2026-03-01–2026-04-01)

Retention enforcement

When enforcement is enabled, records beyond the retention window are automatically purged daily. The purge operation is logged as a compliance event with count and attestation. Without enforcement, expired records are flagged in the dashboard but preserved for manual review.

Legal hold

Apply legal hold to specific sessions, agents, or time ranges to prevent automated purging. Holds are audit-logged and require explicit release. Active holds are visible in retention status output.

bash

# Apply legal hold to specific sessions
docker exec akios-pro akios retention hold add \
  --session sess_abc123 --reason "Pending litigation"

# Apply hold by time range
docker exec akios-pro akios retention hold add \
  --since "2026-03-01" --until "2026-04-01" \
  --reason "Regulatory investigation Q1 2026"

# List active holds
docker exec akios-pro akios retention hold list
# Hold ID | Scope | Reason | Created by | Created at
# hold_01 | sess_abc123 | Pending litigation | admin@co | 2026-05-01

# Release a hold
docker exec akios-pro akios retention hold remove hold_01

Data Deletion#

AKIOS Pro supports deletion at record, session, and time-range levels. All deletions are logged as compliance events with cryptographic purge attestation.

bash

# Delete a specific session
docker exec akios-pro akios retention delete --session sess_8f7d3a1e

# Delete all records older than 30 days
docker exec akios-pro akios retention delete --before "2026-04-04"

# Full purge with cryptographic attestation
docker exec akios-pro akios retention purge --confirm \
  --output /data/purge-attestation-2026-05-04.json

# Purge attestation includes: timestamp, operator, scope, SHA-256
# of deleted records, and a signed statement of irrecoverable deletion

Deletion auditing

All deletion operations are recorded as compliance events with: requesting user, scope (session/time range/type), record count, and timestamp. Purge operations generate a cryptographically signed attestation that data has been irrecoverably removed. Attestations are stored separately for audit trail continuity.

Storage Backends#

Local volume

Default for evaluation and single-node deployments. Evidence stored on Docker volume or host path. Simple, no additional infrastructure. Suitable for teams evaluating AKIOS Pro or running moderate evidence volumes.

NFS / NAS

Shared storage for multi-node deployments. Evidence accessible across AKIOS Pro instances for high availability. Recommended for production deployments requiring failover.

S3-compatible

Object storage for long-term archive and cold tier. Supports MinIO (on-prem), AWS S3, and S3-compatible storage. Encrypted at rest with customer-managed keys. Ideal for multi-year retention requirements.

bash

# Configure S3-compatible storage for cold archive
docker exec akios-pro akios storage add s3 \
  --bucket akios-evidence-archive \
  --endpoint https://minio.internal:9000 \
  --region us-east-1 \
  --access-key $MINIO_ACCESS_KEY \
  --secret-key $MINIO_SECRET_KEY \
  --tier cold

# Verify storage configuration
docker exec akios-pro akios storage status
# Hot: 24.7 GB (local volume) / Warm: 0 GB / Cold: 142 GB (minio.internal)

Compliance Mapping#

AKIOS Pro retention controls map directly to regulatory requirements for data retention and deletion.

EU AI Act Art. 12

Records retained for auditor access. Configurable retention matches organizational compliance policies.

GDPR Art. 5(1)(e)

Data minimization: retention limited to purpose. Configurable periods with automatic enforcement.

GDPR Art. 17

Right to erasure: session-level deletion and full purge with attestation.

HIPAA 164.316

Retention of documentation for 6+ years. Cold archive tier with cryptographic integrity.

SOC 2 CC7.2

Monitoring and retention of monitoring results per organizational policy.