Repute legal

Retention and Security

How Repute approaches visitor-log retention, private document storage, access controls, and operational safeguards.

Last updated: June 2026

This policy is product-level information for Repute. It is not legal advice and should be reviewed by qualified counsel before it is relied on for a contract, dispute, court filing, regulatory response, or customer-specific compliance position.

Retention period

Repute is currently designed to retain visitor logs for five years for customer operational continuity, dispute handling, building-security review, and compliance support. A shorter or longer period may require a written customer agreement and technical configuration review.

Private document storage

Uploaded document images are stored in private object storage and are not intended to be publicly accessible. When authorized users view images, Repute generates short-lived signed URLs rather than exposing a public bucket.

Deletion process

Retention deletion may run through scheduled jobs that remove expired database records and associated private objects. If object deletion fails, Repute may avoid deleting the database record until cleanup can be retried, so that orphaned sensitive files are not forgotten.

Access suspension

Repute supports account suspension, staff deactivation, and organization hold controls. Some session or cache changes may take a short time to fully propagate, but sensitive write operations are designed to re-check important access conditions.

Backups and recovery

Infrastructure providers may retain backups, snapshots, logs, or replicas for resilience, security, debugging, or disaster recovery. Backup deletion may follow provider-specific schedules rather than immediate application deletion.

Customer safeguards

Customers should use strong passwords, restrict admin access, remove departed users promptly, train staff, avoid shared credentials, secure mobile devices, and report suspected unauthorized access quickly.