Security & Data Retention

Enterprise-grade protection, transparent lifecycle management, and full compliance with global data regulations. Your spatial data, secure from ingestion to deletion.


Defense-in-Depth for Geospatial Data

We implement industry-standard controls across infrastructure, application, and data layers to protect your mapping workflows.

🔐 Encryption Everywhere

AES-256 encryption at rest for all tile caches, vector datasets, and metadata. TLS 1.3 enforced for all data in transit and API communications.

🛡️ Zero-Trust Access Control

Role-based access control (RBAC), SSO via SAML/OIDC, MFA enforcement, and granular layer-level permissions with audit logging.

📡 Continuous Monitoring

24/7 threat detection, automated DDoS mitigation, vulnerability scanning, and real-time anomaly alerts across all geoserver nodes.

Transparent Retention & Deletion

You control how long your spatial data persists. We provide clear, auditable retention schedules and secure destruction protocols.

📅 Configurable Retention Windows

Set retention policies per dataset, layer, or organization account. Options range from 30 days to 7 years, or indefinite with explicit consent.

  • Default: 30 days for temporary caches
  • Standard: 1 year for processed tiles
  • Enterprise: Custom schedules up to 84 months

🗑️ Secure Data Disposal

When retention periods expire, data is permanently erased using NIST SP 800-88 compliant cryptographic shredding. No recovery is possible.

  • Automated lifecycle workflows
  • Immutable deletion audit logs
  • Instant export before purging

01 Ingestion & Classification

Data is tagged, encrypted, and assigned to a retention tier upon upload or API ingestion.

02 Active Processing & Storage

Layers are served, cached, and backed up according to your configured schedule and SLA.

03 Archive & Review

Approaching retention limits? Data moves to cold storage with optional extension or export prompts.

04 Cryptographic Erasure

Final deletion using key destruction and block overwriting. Audit record generated and immutable.

Built for Regulated Environments

GeoServer meets the highest security standards, making it compliant for government, healthcare, and financial geospatial deployments.

  • 🛡️ SOC 2 Type II: Annually Audited
  • 🌐 ISO 27001: Information Security
  • 🇪🇺 GDPR Ready: Data Residency & DPA
  • 🏛️ FedRAMP Ready: Cloud Computing Security
  • 📋 CCPA/CPRA: Consumer Privacy Rights
  • 🔍 Penetration Tested: Quarterly Third-Party

Security & Retention FAQ

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed via HSM-backed KMS with automatic rotation every 90 days. You can also bring your own keys (BYOK) on Enterprise plans.
Yes. You can trigger manual exports at any time via the dashboard or API. Data is provided in standard formats (GeoJSON, Shapefile, GeoTIFF, KML) with metadata preservation. Automated export alerts are available 14 days before scheduled deletion.
All untagged datasets default to a 30-day retention window for temporary caches and 1 year for persistent layers. You receive email and dashboard notifications when datasets approach their expiration threshold.
Yes. GeoServer undergoes annual SOC 2 Type II audits, quarterly penetration testing by independent firms, and continuous vulnerability scanning. Audit reports and compliance certificates are available to Enterprise customers under NDA.
We follow a strict 72-hour notification policy per GDPR/CCPA. Our incident response team operates 24/7 with automated containment playbooks. Post-incident forensic reports and remediation steps are provided to affected customers.

Need Custom Security or Retention Controls?

Our Trust & Compliance team can help configure VPC peering, air-gapped deployments, or bespoke retention schedules for your organization.
