Data retention and expired licenses
Data retention for expired licenses in Invicti Platform is a key aspect for organizations managing security scans and vulnerability data. When a license expires, it is important to understand how Invicti handles stored information, including scan results and reports. Clear retention policies help organizations maintain compliance, safeguard historical records, and manage their data effectively.
This document outlines Invicti’s approach to data retention after license expiration.
Data retention after license expiry
The Data Retention period for expired licenses, regardless of whether they are a POC (Proof of Concept), is 60 days. For customers with licenses that have expired for more than 60 days, the following actions will be taken on day 61:
- Deletion of all scan files
- Deletion of all reports
- Deletion of all user information
- Deletion of all trouble tickets
- Deletion of all demo targets and related data
Additionally, data can be permanently deleted from Invicti Platform upon request.
Data accessibility after license expiry
On the expiry date, Invicti Platform still displays the data, and you can start a new scan until the 7-day grace period ends.
During this period, a "Your license has expired" message appears in the top bar.
After the grace period, the Invicti requires a valid license and only displays the activation page, making the data no longer visible to you.
On the 60th day after expiry, the account and all its data in the cloud are permanently deleted.