Skip to content

Data Retention Policy


This document summarizes the steps BoostSecurity takes to retain data per laws and regulations while prioritizing the privacy and security of information. Our procedures also aim to promote efficient data management practices.

To access the latest version of the information summarized herein, please go to trust.boostsecurity.io, and in the "Data Retention Policy" tab, click on Request access and then enter the requested information.


Data Retention Periods


The following are general guidelines for the retention periods of different categories of data. These retention periods may vary based on specific legal requirements, contractual obligations, or legitimate business needs.

System or Application Data Description Data Location Retention Period
boostsecurity.io SaaS SCM metadata, security findings, SBOM, third-party integrations metadata USA Up to 60 days after contract termination
boostsecurity.io CLI Telemetry, SCM metadata, scan reports USA Up to 60 days after contract termination
boostsecurity.io analytics Organization name, event types USA Indefinite
Auth0 User Authentication USA Up to 60 days after contract termination
Rollbar Debugging and Logging information USA 7 days after collection
DataDog Infrastructure monitoring and logging information USA 30 days after collection

Policy Review


This page is intended to summarize our recent policies and is not to be relied on for contractual obligations.