
How Docuplete retains and deletes your data.

This page explains what data Docuplete stores, how long it is retained, what controls are available to organizations, and how to request deletion. If you are evaluating Docuplete for a regulated industry or completing a security questionnaire, this page addresses common data lifecycle questions.

What data Docuplete stores

When a client completes a Docuplete document session, the following data is stored:

  • Client interview answers — The responses the client provided during the guided interview, stored in the database. Sensitive fields (SSN, date of birth, financial data) are encrypted using AES-256-GCM on paid plans.
  • Completed PDF — The generated, filled PDF is stored in Docuplete's Cloudflare R2 object storage. It is accessible through the submission bank in your organization dashboard.
  • Audit trail — The audit record for each session: session creation, OTP verification event, signature event, and submission timestamp — each with IP address, device fingerprint, and RFC 3161 timestamp.
  • Session metadata — Technical metadata including session ID, creation date, status, and document package reference.

Default retention

By default, completed session data — interview answers, generated PDFs, and audit trails — is retained for the lifetime of your Docuplete organization account. Data is not automatically purged on a rolling basis unless you configure retention rules or submit a deletion request.

If your organization has data retention requirements (e.g., HIPAA requires 6 years for PHI in medical records), Docuplete's default retention ensures data is available for the required period. If your requirements call for earlier deletion, see the deletion section below.

Deleting session data

Organizations can delete individual session records through the Docuplete dashboard. Deletion removes the interview answers, generated PDF, and associated session metadata from active storage. The audit trail entry (anonymized) may be retained for a defined period for security and compliance purposes.

For bulk deletion requests — for example, when offboarding a client or responding to a GDPR data subject access and deletion request — contact hello@docuplete.com.

GDPR and right to erasure

Under GDPR Article 17, data subjects have the right to request erasure of their personal data. If a client submits an erasure request related to data collected through a Docuplete document session, the organization (as the data controller) is responsible for processing that request. Docuplete (as the data processor) will assist with erasure requests in accordance with the terms of the Data Processing Agreement.

See the Docuplete Data Processing Agreement for details on data processor obligations under GDPR.

Subprocessor data handling

  • Cloudflare R2 — Completed PDFs are stored in Cloudflare R2 object storage with AES-256 encryption at rest.
  • Railway — Docuplete API server and database run on Railway infrastructure. Database backups are maintained by Railway.
  • Resend — Notification emails (OTP codes, session links) are sent via Resend. Resend does not store document content.

Enterprise data residency: If your organization requires data residency in a specific geography (e.g., EU data must stay in the EU), contact hello@docuplete.com to discuss your requirements.

Data governance questions?

We are happy to discuss your data retention, deletion, and residency requirements.
