Data Retention
Ragwalla can be configured with retention policies that govern your AI agent data. Retention policies can be set at the organization level with project-specific overrides for different business requirements.
Retention Categories
Ragwalla provides independent retention controls for three categories of data:
| Category | What's Included |
|---|---|
| Conversations | Agent threads, messages, and conversation metadata |
| Audit Logs | Records of agent activity, tool calls, and access events |
| Files | RAG documents, uploaded content, and embeddings |
Each category can have a different retention period based on your compliance requirements.
Configuration
Organization Defaults
Set baseline retention policies at the organization level. These apply to all projects unless overridden.
Project Overrides
Override organization defaults for specific projects when business requirements differ:
| Project Type | Typical Retention |
|---|---|
| Customer support | 90 days (minimize PII) |
| Sales demos | 30 days (temporary data) |
| Legal intake | 7 years (regulatory requirement) |
| Healthcare | 7+ years (HIPAA) |
| Financial services | 7 years (regulatory requirement) |
Retention Behavior
Automatic Cleanup
Retention cleanup runs automatically based on your configured schedule. When data exceeds its retention period:
Conversations are removed along with all associated messages
Files are deleted from both the database and object storage
Audit logs are archived before deletion to preserve integrity
Every deletion is recorded for compliance evidence
Legal Hold Protection
Data under legal hold is excluded from automated cleanup. See Legal Holds for details.
Deletion Records
Every automated deletion generates a permanent record that includes:
Resource type and identifier
Deletion timestamp
Original creation date
Applicable retention period
The job that performed the deletion
These records provide the audit trail your compliance team needs.
API Reference
View Retention Settings
GET /v1/dashboard/organizations/:orgId/settings
Returns current retention configuration for the organization.
Update Retention Settings
PUT /v1/dashboard/organizations/:orgId/settings
Update retention periods. Changes apply to future cleanup runs.
Project-Level Settings
GET /v1/dashboard/organizations/:orgId/projects/:projectId/settings
PUT /v1/dashboard/organizations/:orgId/projects/:projectId/settings
View or update project-specific overrides.
Trigger Manual Cleanup
POST /v1/system/retention/cleanup
Trigger retention cleanup immediately. Supports dry_run parameter to preview deletions.
View Cleanup History
GET /v1/system/retention/jobs
List retention job history with execution details and deletion counts.
Export Deletion Records
GET /v1/dashboard/organizations/:orgId/retention/deletions
Query deletion records with filters for resource type, project, and date range.
Best Practices
Start with organization defaults — Set reasonable baseline retention for all projects
Override where needed — Use project-level settings for specific compliance requirements
Document your policies — Include retention periods in your information security policy
Review regularly — Monitor retention job history to ensure policies are enforced
Export for audits — Generate deletion records for your compliance evidence package
Related
Legal Holds — Preserving data during investigations
Audit Trail — Understanding activity logging
SOC 2 Compliance — Trust Services Criteria coverage