Data Retention Policy

Retention Overview

App Config.json implements a tiered data retention strategy that balances operational reliability with data minimization principles. Configuration data is retained as long as your workspace remains active, while operational logs and audit trails follow specific retention windows based on your subscription tier.

ℹ️ Key Principle

Configuration data (your JSON payloads, schemas, and environments) is never automatically deleted while your account is in good standing. Log and audit data follow automated lifecycle policies.

Retention Policies by Tier

Retention periods vary based on your plan. Enterprise customers can negotiate custom retention agreements.

Data Type	Starter	Pro	Enterprise
Configuration Data	Account Lifespan	Account Lifespan	Account Lifespan
Config Versions	Last 50 versions	Last 500 versions	Unlimited
Audit Logs	14 Days	90 Days	Unlimited / Custom
Request Logs	Not Included	7 Days	90 Days
Disaster Recovery Backups	7 Days	14 Days	30 Days
Deleted Account Data	Purged within 30 days

Configuration Versioning

Every change to a configuration file creates a new immutable version. Older versions are retained for rollback capabilities. When the version limit for your tier is reached, the oldest versions are automatically archived.

Archive Behavior

Archived versions are moved to cold storage and cannot be rolled back to directly via API.
You can still export archived versions as JSON files.
Archived versions are retained for 12 months after archival before final deletion.

⚠️ Version Limit Warning

Starter plans are limited to 50 versions per config key. High-frequency updates may cause old versions to expire quickly. Consider upgrading to Pro for larger version history.

Data Deletion & Account Closure

When you delete a workspace or individual config keys, the following process occurs:

Soft Delete (Immediate): Data is marked for deletion and immediately removed from active config sync. Your SDKs will receive the default value or error state defined in your config.
Grace Period (0-30 days): Data remains in a quarantine state. You can restore deleted configs via the dashboard during this window.
Hard Delete (Day 30): All data, including versions, audit logs, and backups associated with the deletion, are cryptographically wiped from all systems.

Manual Data Purge

Enterprise customers can trigger immediate data purges via the API for compliance requirements:

bash

# Request immediate purge of a config key
# This action is irreversible

curl -X POST https://api.appconfig.json/v3/purge \\
  -H "Authorization: Bearer $API_KEY" \\
  -H "Content-Type: application/json" \\
  -d '{
    "workspace_id": "ws_8x92f3a",
    "key_path": "app.features.beta_mode",
    "reason": "gdpr_right_to_erasure",
    "purge_versions": true,
    "purge_logs": true
  }'

Compliance & GDPR

App Config.json supports data retention requirements for major regulatory frameworks:

GDPR: Data subject requests can be fulfilled within 72 hours. Config data is not considered PII unless explicitly stored by the user.
CCPA: "Do Not Sell" and deletion rights are enforced via the purge API and dashboard controls.
SOC 2 Type II: Retention policies are part of our access control and data lifecycle management controls.

For specific Data Processing Agreements (DPA) or custom retention contracts, please contact our compliance team.

API Reference: Retention Queries

Inspect retention status for your workspace: