Data Retention
Last updated: May 2026
This page lists what Octopus stores, for how long, and how to request deletion. Numbers apply to hosted Octopus by default; self-hosters control their own retention.
Retention by category
| Category | What | Retention |
|---|---|---|
| Reviews | Posted review bodies + findings on each PR. Findings stay queryable from the dashboard during this window; after, they roll off. | For the lifetime of the PR + 90 days after PR close |
| Diffs | PR diff content used for a single review. Never persisted to durable storage. | Discarded after the review completes |
| Embeddings | Vector chunks indexed from connected repos in Qdrant. On repo disconnect: vectors are deleted within 24 h. | For as long as the repo is connected |
| Audit log | AuditLog rows recording mutating actions. Self-hosted: configurable retention window. | 365 days (hosted default) |
| AI usage | Token-count records for billing and observability. Aggregated monthly summaries retained indefinitely for billing reconciliation. | 13 months |
| Integration tokens | OAuth refresh tokens for Slack / Linear / Jira / GitLab. Stored encrypted at rest (apps/web/lib/crypto.ts). | Until the user disconnects the integration |
| Sessions | Auth session tokens + IP + user-agent. Revocable from /settings/sessions. | 30 days from last activity |
| Email send records | EmailSend rows for transactional emails | 13 months |
| Knowledge documents | User-uploaded knowledge base docs | Until the user deletes them; soft-deleted with 30-day recovery window |
| Backups | Encrypted DB snapshots | 30 days for hosted; self-hosters control their own |
| Activity events | Live team-telemetry feed rows (coarse actions only — no content). Only when an org enables Live Activity. Tunable via ACTIVITY_RETENTION_DAYS; pruned daily. | 30 days (hosted default) |
| Presence | Whether a member/agent is currently online + coarse current area. Held in Redis with a TTL (or a short-lived DB row); never archived. | Ephemeral — expires ~60s after going offline |
Account / organisation deletion
Org owners can delete their organisation from the Danger Zone card on /settings. Deletion is processed within 24 hours and removes:
- The organisation record, all repos, reviews, embeddings, audit log, and integration tokens
- Memberships for every member of that organisation
To delete your user record (and memberships in orgs you do not solely own), email [email protected] from the address on the account — the in-app flow only covers org deletion today.
Backups containing deleted data roll off per the backup retention window (30 days). Anonymised aggregate metrics may persist indefinitely.
Data export (right to portability)
For org-wide data export (repositories, reviews, findings, knowledge documents, audit logs, AI usage records), email [email protected] from the account address — we respond within 30 days.
GDPR / CCPA requests
Right-to-access, right-to-erasure, right-to-portability, and right-to-correction requests can be made by emailing [email protected] from the address on the affected account. We respond within 30 days.
Self-hosters
Self-hosted Octopus stores everything in your PostgreSQL + Qdrant + object-storage. There is no automatic retention beyond the 90-day-post-close window for review findings. Configure retention for your stored data per your own compliance requirements.