Skip to content
All Docs

Data Retention and Deletion Policy

Data Retention and Deletion Policy#

We treat forensic evidence as one of the most sensitive classes of digital data. This document describes how long unJaena retains case data, when retention may be extended, and how users delete their data on demand without exposing internal infrastructure details.

1. Default Retention Window#

  • 30 days by default: original uploads, analysis results, and search or AI-derived data are processed for deletion 30 days after case creation.
  • Configurable: each case can be adjusted between 1 and 365 days.
  • Expiry visibility: the expiry timestamp is shown in the case detail view.

Retention may be extended when a lawful preservation obligation applies, including:

  • A valid preservation request from a court or law-enforcement authority.
  • An evidentiary preservation duty arising from active litigation.
  • A statutory or regulatory retention obligation.

While legal hold is active, the affected case is excluded from normal retention-based deletion. Once the obligation ends, the case returns to the standard retention policy.

3. Retention Notifications#

Account email notifications are sent before expiry and after deletion processing. Users can extend retention or export data before the configured expiry date.

4. Data Protection at Rest#

  • Transport and storage protection: data is encrypted in transit and protected at rest with encryption and access controls.
  • Case-level isolation: case data is separated by ownership, authentication, and authorization policy.
  • Least-privilege operations: routine operations do not require staff to inspect forensic data contents. Exceptional access follows auditable procedures.
  • Limited recovery after deletion: once deletion completes, the data is not recoverable through normal user workflows.

5. On-Demand Manual Deletion#

Users can request immediate deletion from the case result page. Approved enterprise or integration customers may receive separate integration workflows after contractual and security review.

Deletion processing covers:

  1. Original uploaded evidence data.
  2. Derived analysis data used for reports and review.
  3. Search and AI-analysis index data.
  4. Processing state and cache-like data.

Deletion operations are audit logged, and a deletion certificate can be provided on request.

Next Steps#