LEGAL
Data Retention Policy
Effective February 1, 2026
How long Expunge Data keeps sanitization certificates and supporting records — and what clients can expect for long-term certificate verification.
1. Retention Period
ExpungeData retains all sanitization records, certificates, and supporting documentation for a minimum of 7 years from the date of processing. This period aligns with common regulatory requirements for data destruction documentation.
2. What We Retain
- Sanitization Certificates: PDF documents with tamper-evident hashes, stored in encrypted object storage.
- Device Records: Serial numbers, model information, SMART health data, and wipe verification results.
- Audit Logs: Timestamped records of all system actions for chain-of-custody documentation.
- Environmental Metrics: CO2e savings, e-waste diversion weights, and sustainability calculations.
3. Certificate Verification
All certificates remain verifiable online throughout the retention period. Each certificate includes a QR code linking to our verification endpoint, which confirms the document's authenticity by validating its cryptographic hash.
4. Data Deletion
After the 7-year retention period, records are eligible for deletion. Clients may request early deletion of their records by contacting us, subject to any applicable regulatory hold requirements.
5. Contact
For questions about data retention, contact us at info@expungedata.com.