Compliance

Data Retention

Last updated: May 2026

This page lists what Octopus stores, for how long, and how to request deletion. Numbers apply to hosted Octopus by default; self-hosters control their own retention.

Retention by category

| Category | What | Retention |
|---|---|---|
| Reviews | Posted review bodies + findings on each PR. Findings stay queryable from the dashboard during this window; after, they roll off. | For the lifetime of the PR + 90 days after PR close |
| Diffs | PR diff content used for a single review. Never persisted to durable storage. | Discarded after the review completes |
| Embeddings | Vector chunks indexed from connected repos in Qdrant. On repo disconnect: vectors are deleted within 24 h. | For as long as the repo is connected |
| Audit log | AuditLog rows recording mutating actions. Self-hosted: configurable retention window. | 365 days (hosted default) |
| AI usage | Token-count records for billing and observability. Aggregated monthly summaries retained indefinitely for billing reconciliation. | 13 months |
| Integration tokens | OAuth refresh tokens for Slack / Linear / Jira / GitLab. Stored encrypted at rest (apps/web/lib/crypto.ts). | Until the user disconnects the integration |
| Sessions | Auth session tokens + IP + user-agent. Revocable from /settings/sessions. | 30 days from last activity |
| Email send records | EmailSend rows for transactional emails | 13 months |
| Knowledge documents | User-uploaded knowledge base docs | Until the user deletes them; soft-deleted with 30-day recovery window |
| Backups | Encrypted DB snapshots | 30 days for hosted; self-hosters control their own |
| Activity events | Live team-telemetry feed rows (coarse actions only — no content). Only when an org enables Live Activity. Tunable via ACTIVITY_RETENTION_DAYS; pruned daily. | 30 days (hosted default) |
| Presence | Whether a member/agent is currently online + coarse current area. Held in Redis with a TTL (or a short-lived DB row); never archived. | Ephemeral — expires ~60s after going offline |

Account / organisation deletion

Org owners can delete their organisation from the Danger Zone card on /settings. Deletion is processed within 24 hours and removes:

  • The organisation record, all repos, reviews, embeddings, audit log, and integration tokens
  • Memberships for every member of that organisation

To delete your user record (and memberships in orgs you do not solely own), email [email protected] from the address on the account — the in-app flow only covers org deletion today.

Backups containing deleted data roll off per the backup retention window (30 days). Anonymised aggregate metrics may persist indefinitely.

Data export (right to portability)

For org-wide data export (repositories, reviews, findings, knowledge documents, audit logs, AI usage records), email [email protected] from the account address — we respond within 30 days.

GDPR / CCPA requests

Right-to-access, right-to-erasure, right-to-portability, and right-to-correction requests can be made by emailing [email protected] from the address on the affected account. We respond within 30 days.

Self-hosters

Self-hosted Octopus stores everything in your PostgreSQL + Qdrant + object-storage. There is no automatic retention beyond the 90-day-post-close window for review findings. Configure retention for your stored data per your own compliance requirements.