| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Tier 1 scan data & findings | 90 days from delivery | Secure deletion on schedule |
| Tier 2 scan data & findings | 365 days from delivery | Secure deletion on schedule |
| Guardian subscription data | Subscription + 90 days | Secure deletion post-subscription |
| Authorization documents | 3 years from signing | Archived, then deleted |
| Payment records (Polar.sh) | Per Polar.sh policy | Not held by Pilum.io |
| Source code (Tier 2 repo) | Session only — deleted after PDF generated | Secure deletion immediately post-scan |
| Anonymized aggregate findings data | Indefinite | Never contains identifying information |
| Client email addresses | Duration of relationship + 90 days | Deleted on request |
To request deletion, email security@pilum.io with the subject “Data Deletion Request — [your domain]”. Requests are processed within 72 hours, and we will confirm deletion in writing.
Files are securely deleted from the operator’s machine. Database rows are anonymized (client identifiers replaced with null) before aggregate data is retained. Backups are purged on their next rotation cycle (weekly).
Anonymized aggregate findings data covers vulnerability type frequencies, severity distributions, false positive rates, and tool fingerprint accuracy scores. This data has no client identifiers attached and cannot be used to reconstruct any client’s findings.