Data retention: what we store, for how long, how to export
Data retention
What DevFlow stores and for how long.
check results
| Tier | Raw retention | Aggregated retention |
|---|---|---|
| Free | 7 days | 30 days |
| Pro | 30 days | 13 months |
| Scale | 90 days | 13 months |
| Enterprise | up to 24m | 24 months |
"Raw" includes the per-check response body excerpt (first 64 KB). "Aggregated" is per-minute roll-ups (status, latency p50/p95/p99, assertion outcome counts).
audit logs
365 days. Includes secret rotations (variables-and-secrets), service-account changes (rest-api-authentication), monitor edits, channel edits, member changes.
incident records
Indefinite — incidents and their postmortem stubs are part of your operational history. Customers can mass-delete on request.
export
devflow export run --since 2026-01-01 --format ndjson --output ./export.ndjsonNDJSON is the canonical format; CSV is also supported. Export is a single point-in-time dump of the data your service-account key can see; rate-limited.
deletion
Customer-initiated deletion request via security@devflow.io. We delete within 30 days, with audit-trail of the deletion. See /security and the DPA at /privacy.
what we don't store
- We don't store request bodies you sent (we sent them; you wrote them) longer than the response body excerpt.
- We don't store secrets (variables-and-secrets) in plaintext anywhere.
- We don't store your team's private Slack messages — only the messages we ourselves sent.
related
- compliance-soc2-gdpr for the legal-shape view.
- /security for the SOC 2 Type II report request form.