Data Retention Policy

Effective Date: February 1, 2026

1. Retention Period

ExpungeData retains all sanitization records, certificates, and supporting documentation for a minimum of 7 years from the date of processing. This period aligns with common regulatory requirements for data destruction documentation.

2. What We Retain

• Sanitization Certificates: PDF documents with tamper-evident hashes, stored in encrypted object storage.
• Device Records: Serial numbers, model information, SMART health data, and wipe verification results.
• Audit Logs: Timestamped records of all system actions for chain-of-custody documentation.
• Environmental Metrics: CO2e savings, e-waste diversion weights, and sustainability calculations.

3. Certificate Verification

All certificates remain verifiable online throughout the retention period. Each certificate includes a QR code linking to our verification endpoint, which confirms the document's authenticity by validating its cryptographic hash.

4. Data Deletion

After the 7-year retention period, records are eligible for deletion. Clients may request early deletion of their records by contacting us, subject to any applicable regulatory hold requirements.

5. Contact

For questions about data retention, contact us at info@expungedata.com.