Data Retention Policy
Why data retention matters
Retention is not just about storage — it underpins:
-
operational visibility and troubleshooting
-
reconciliation and dispute resolution
-
audit and compliance requirements
-
accountability across document flows
Poor retention practices lead to gaps in visibility, while excessive retention increases risk. XEDI aims to strike the right balance.
How data is retained
Purpose-led retention
Data is retained to support defined operational and governance needs, such as document tracking, retries, validation and reporting.
Data is not retained or reused beyond its intended purpose.
Logical separation
Customer data is logically separated within the platform. Documents, partner configurations and operational metadata are scoped to each account.
Lifecycle awareness
Documents and related data pass through clear processing stages, with retention aligned to those stages rather than indefinite storage.
Types of data retained
Document data
Examples include orders, despatch notices, invoices and acknowledgements.
-
Retained to support visibility, reconciliation and partner queries
-
Supports reprocessing, retries and audit trails
Operational metadata
Examples include processing timestamps, statuses, error events and retries.
-
Retained to provide traceability and system insight
-
Used to diagnose issues and demonstrate processing history
Configuration data
Examples include partner settings, mappings and routing rules.
-
Retained while actively used
-
Updated or removed as configurations change
User and access data
Examples include user accounts, roles and access activity.
-
Retained to support access control and accountability
-
Limited to what is necessary for platform operation and security
Retention duration
Retention periods can vary depending on:
-
document type and volume
-
operational and audit requirements
-
contractual or regulatory obligations
-
customer-specific configurations
Where applicable, retention can be aligned with business needs rather than fixed, one-size-fits-all periods.
Data removal and disposal
When data is no longer required:
-
it is removed or anonymised using controlled processes
-
access is no longer available within the platform
-
disposal is performed to prevent recovery
This helps reduce unnecessary exposure while maintaining system integrity.
Customer responsibilities
Customers remain responsible for:
-
understanding their own legal and regulatory retention obligations
-
determining how long data must be retained for their business
-
exporting data where longer-term storage is required
-
requesting configuration changes where supported
XEDI provides the technical foundation for retention and traceability, but does not define customer compliance obligations.
Retention and compliance
Data retention supports common compliance expectations, including:
-
audit readiness
-
traceable processing
-
controlled access to historical data
-
accountability for actions and changes
Retention practices are designed to support regulated and enterprise environments without adding operational friction.
Frequently asked questions
How long are documents retained?
Retention depends on document type, operational requirements and configuration. Data is retained to support processing, auditing and support needs.
Can we export data before it is removed?
Yes. Where required, data can be exported for internal storage, reporting or compliance purposes.
Is data shared between customers?
No. Data is logically separated and scoped to each customer account.
What happens when data is deleted?
Data is removed or anonymised using controlled processes and is no longer accessible within the platform.
