Data Lifecycle
How OpenOS retains, deletes, and protects data.
The Data Retention & Deletion Policy explains how OpenOS manages customer data, account information, uploaded documents, logs, backups, and deletion workflows across the service lifecycle.
Retention principles
The policy states that OpenOS is committed to responsible data management and retains information only as long as necessary for legitimate business, operational, legal, security, and contractual purposes.
It also emphasizes data minimization, purpose limitation, and secure disposal. Customer data ownership remains with the customer, while OpenOS acts as a service provider and processor that retains information only to the extent needed to provide contracted services and meet related obligations.
Retention categories
The source document states that the policy applies to customer data, user account information, uploaded files and documents, workflow definitions, process intelligence data, knowledge repositories, AI interaction records, audit logs, and technical or security records.
It includes detailed retention categories for account information, customer data, logs, support records, deleted data, and other operational records. The Trust Center planning notes also summarize representative windows such as active account periods plus limited post-service retention, shorter retention for audit logs, longer retention for security records, and deletion purges within defined cycles after requests or account termination.
Deletion and backup handling
The policy covers deletion upon account termination, customer deletion requests, backup retention, and anonymization. OpenOS states that customer data may be deleted or returned in accordance with agreements, while backup copies may persist temporarily until scheduled rotation or deletion cycles are complete.
The document also notes that OpenOS may anonymize certain data where appropriate and that deletion handling is designed to balance customer expectations with security, resilience, contractual requirements, and legal obligations.
Rights, security, and compliance
The policy addresses the rights of individuals, legal and regulatory retention requirements, security during both retention and deletion, and ongoing compliance with applicable laws. This makes the document relevant not only for operational review, but also for privacy diligence and procurement assessments.
Taken together, the published policy frames lifecycle management as part of the broader OpenOS trust model: retain only what is needed, protect it while it exists, and securely delete or anonymize it when legitimate retention needs end.
Questions about retention schedules, deletion handling, or lifecycle review can be sent to hello@openost.com. Teams that need the source Word document can download it above.