Data Retention Policy

Data	Stored?	Retention
Document image / selfie frames	No	Discarded immediately after scoring
Face embeddings / pose data	No	In-memory only
Over-threshold result + coded outcome	Yes	Default 12 months, then auto-purged
Dispute scores (match/liveness)	Yes	Default 30 days, then nulled
Consent receipt (hashes)	Yes	With the session record
Audit log (no PII)	Yes	Retained for accountability

Automated purge runs daily (npm run gdpr:purge / POST /api/jobs/purge). Customers can trigger erasure for any subject reference at any time.

This template is provided as engineering scaffolding and is not legal advice. Have your DPO / counsel review before going live, and complete a DPIA.