Retention
Retention floors come from the regulatory scope. You can extend a retention period, but never reduce it below the floor. Right-to-be-forgotten requests route through legal review.
| Data class | Retention | Regulatory floor | Basis |
|---|---|---|---|
| events | 10 years | 7 years (SOX) · 10 years (banking) | banking record-retention |
| payloads | 90 days encrypted · then archived | 30 days | access pattern + DPA limit |
| token vault | 180 days default · 7 years for SSN/account | per-class | DPO sign-off · v8 |
| hash chain | 10 years (forever in evidence bundles) | 10 years | audit primary record |
| evidence bundles | 10 years | 10 years (banking) | auditor-provided artefact |
| working papers | 10 years | 7 years (PCAOB) | engagement deliverable |
| audit-of-audit log | 10 years | 10 years | platform transparency record |
Right-to-be-forgotten
RTBF requests on audit data are exempt from blanket deletion. The workflow is mark for deletion → route to legal review → action only if approved. Every request, decision and outcome is itself an audit event.
0 pending | 2 actioned (last 90d) | 1 declined · legal
Deletion proof
When data is deleted under retention, the chain remains intact — the deletion itself is recorded as a chain event with a cryptographic proof. Auditors can verify what was deleted, by whom, when.
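
One way a deletion can be recorded without breaking the chain, as an added example that is not the platform's own code: each chain record commits to its payload by hash, so the payload can be dropped while the record stays, and the deletion is appended as its own event. The `Chain` class, the field names and the plain SHA-256 commitment are assumptions made for illustration.

```python
import hashlib, json

EMPTY = hashlib.sha256(b"").hexdigest()  # payload_hash of a record that never had a payload

def h(obj):
    """SHA-256 over a canonical (sorted-key) JSON encoding."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Chain:
    def __init__(self):
        self.entries = []   # append-only chain records, never removed
        self.payloads = {}  # seq -> payload bytes, subject to retention

    def append(self, kind, actor, ts, payload=b"", body=None):
        rec = {"seq": len(self.entries), "kind": kind, "actor": actor, "ts": ts,
               "payload_hash": hashlib.sha256(payload).hexdigest(), "body": body or {},
               "prev": self.entries[-1]["hash"] if self.entries else "0" * 64}
        rec["hash"] = h(rec)  # hash covers every field above, including prev
        self.entries.append(rec)
        if payload:
            self.payloads[rec["seq"]] = payload
        return rec

    def delete(self, seq, actor, ts):
        """Drop the payload, keep its record, and log the deletion as a chain event."""
        target_hash = self.entries[seq]["payload_hash"]
        del self.payloads[seq]
        return self.append("deletion", actor, ts,
                           body={"target_seq": seq, "target_payload_hash": target_hash})

def verify(chain):
    """Return verified deletions as (what, who, when); raise ValueError on any break."""
    prev, deletions = "0" * 64, []
    for i, rec in enumerate(chain.entries):
        core = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != i or rec["prev"] != prev or h(core) != rec["hash"]:
            raise ValueError(f"chain broken at seq {i}")
        if i in chain.payloads and hashlib.sha256(chain.payloads[i]).hexdigest() != rec["payload_hash"]:
            raise ValueError(f"payload altered at seq {i}")
        if rec["kind"] == "deletion":
            t, want = rec["body"]["target_seq"], rec["body"]["target_payload_hash"]
            if not 0 <= t < i or chain.entries[t]["payload_hash"] != want:
                raise ValueError(f"deletion at seq {i} does not match its target")
            deletions.append((t, rec["actor"], rec["ts"]))
        prev = rec["hash"]
    gone = {t for t, _, _ in deletions}
    for rec in chain.entries:  # a payload missing with no deletion event is an unrecorded removal
        if rec["payload_hash"] != EMPTY and rec["seq"] not in chain.payloads and rec["seq"] not in gone:
            raise ValueError(f"payload for seq {rec['seq']} removed without a deletion event")
    return deletions
```

A plain hash of a low-entropy payload can be recovered by enumeration, so a salted or keyed commitment is the safer choice when the deleted value is something like an account number.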