Compliance & Retention

BarrelHub maintains auditable API and mutation logs to support operational reviews, incident response, customer data workflows, and contractual reporting obligations.

Governance controls are intended to preserve source lineage, permissions, freshness context, and review history for proprietary data and AI-generated outputs.

Core retention targets:

• `audit_logs`: 90 days
• `api_request_logs`: 90 days
• Webhook delivery logs: 30 days

Retention controls are enforced by scheduled cleanup jobs and monitored through control plane health checks.

Security control details are available on the security page.