Data retention policy
Data Retention Policy¶
This document summarizes the steps BoostSecurity takes to retain data per laws and regulations while prioritizing the privacy and security of information. Our procedures also aim to promote efficient data management practices.
To access the latest version of the information summarized herein, please go to trust.boostsecurity.io, and in the "Data Retention Policy" tab, click on Request access and then enter the requested information.
Data Retention Periods¶
The following are general guidelines for the retention periods of different categories of data. These retention periods may vary based on specific legal requirements, contractual obligations, or legitimate business needs.
| System or Application | Data Description | Data Location | Retention Period |
|---|---|---|---|
| boostsecurity.io SaaS | SCM metadata, security findings, SBOM, third-party integrations metadata | USA | Up to 60 days after contract termination |
| boostsecurity.io CLI | Telemetry, SCM metadata, scan reports | USA | Up to 60 days after contract termination |
| boostsecurity.io analytics | Organization name, event types | USA | Indefinite |
| Auth0 | User Authentication | USA | Up to 60 days after contract termination |
| Rollbar | Debugging and Logging information | USA | 7 days after collection |
| DataDog | Infrastructure monitoring and logging information | USA | 30 days after collection |
Policy Review¶
This page is intended to summarize our recent policies and is not to be relied on for contractual obligations.