The matrix below documents how long Neuroscale retains data by system, in support of the Data Management Policy. Retention periods are reviewed annually.
System / applicationData descriptionRetention period
PostgreSQL — AWS RDS / Aurora (production, primary)Customer dataUp to 60 days after contract termination (per the Records Retention Schedule → Customer data)
PostgreSQL — Vultr-hosted (production, secondary)Customer data routed to Vultr-hosted servicesUp to 60 days after contract termination (per the Records Retention Schedule → Customer data)
AWS S3 (object storage, customer data)Customer-uploaded files; backupsPer the Records Retention Schedule; 60-day rolling for backups
Vultr Object Storage (object storage, customer data)Customer-uploaded files routed to Vultr-hosted servicesSame as above; cross-cloud copy maintained in AWS S3 where contractually required
Linear (Helpdesk team queue, populated from intake.neuroscale.ai)Support tickets and casesIndefinite while the customer is active; 7 years post-termination, then deleted per the Records Retention Schedule.
Support call recordingsNot currently in scope — Neuroscale provides support via Slack and email; no support-phone recordings exist. Re-evaluate if a phone channel is added.N/A
Better StackSecurity event and log data, network flow logs13 months (covers a full SOC 2 audit period plus grace; supports retrospective determination of breach awareness for GDPR Art. 33 / state-AG breach analysis).
Detectify (and other scanners listed in Vulnerability Management → Tooling)Vulnerability scan results6 months for findings; asset / inventory data retained until the asset is decommissioned and purged.
HubSpotOpportunity and sales dataIndefinite while the account or active sales pursuit exists; 7 years post-termination of the customer relationship, then deleted per the Records Retention Schedule.
Internal QA tooling (test fixtures and synthetic data in CI)QA / testing scenarios and results1 year for results; synthetic data deleted with the test run. Customer data is not used in QA per the Data Management Policy and Operations Security Policy.
Security policiesSecurity policies (this site)1 year after archive
Temporary files/tmp ephemeral storageAutomatically when process finishes

Internal retention & disposal

Engineering sets and enforces data retention and disposal procedures for Neuroscale-managed accounts and devices.

Customer accounts

Customer accounts and data are deleted within 60 days of contract termination via the documented data-deletion process. See Records Retention Schedule → Customer data.

Devices

  • Employee devices are collected promptly upon termination. Remote employees receive a shipping label; return is monitored.
  • Collected devices are securely erased and re-provisioned, or removed from inventory.
  • Damaged devices unable to be wiped are processed via an e-waste service with a Certificate of Destruction (COD). COD retained for 1 year.
  • Physical destruction may be skipped if the device is verified as encrypted with full-disk encryption.
Management reviews this procedure at least annually. Records subject to legal holds are exempt from this matrix and are retained per Legal’s instructions. See Data Management Policy → Legal holds.

Version history

VersionDateDescriptionAuthorApproved by
1.0May 8, 2026Initial versionCameron WolfeIshan Jadhwani