..
 # Copyright (c) 2024, Linaro. All rights reserved.
 #
 # This document is proprietary and confidential.
 # Unauthorized copying, distribution, or disclosure of this document or any part
 # of it is strictly prohibited without prior written consent from Linaro.
 #

Data Retention Policy 
#####################

Purpose
*******
This policy establishes the retention and deletion requirements for ONELab
firmware release streams, test run records, associated test result artifacts,
and LAVA logs. It supports the principles of data minimization and storage
limitation in accordance with ISO/IEC 27001 and GDPR, ensuring data is retained
only as long as necessary for its lawful business purpose and securely disposed
of thereafter.

Scope
*****
This policy applies to all ONELab users, administrators, and system components
that create, store, access, or manage firmware release streams, test run
records, test result artifacts, and LAVA logs.

Definitions
***********
**Firmware Release Stream**: A series of firmware images packaged in ONELab
compatible .cab format that are grouped to execute on a Device Under Test that
is seeking ONELab Interoperability compliance.  A typical use is to add a new
firmware to the series to be tested when a defect is corrected in that firmware. 

**Test Run Record**: Metadata and status information documenting the execution of a
test within ONELab.

**Test Result Artifacts**: Files generated as part of a test run (e.g., reports,
logs, output data) required for test validation and traceability.

**LAVA Logs**: Execution logs generated by the LAVA framework, providing detailed
device and test execution information.

Policy
******
Uploaded firmware shall be retained only for the lifecycle of the Firmware
Release Stream to which it is associated.

Test Result Artifacts shall be retained only for the lifecycle of the associated
test run record.

Upon deletion of a Test Run Record, all associated Test Result Artifacts shall
be securely and irreversibly deleted. No recovery will be possible.

LAVA Logs shall be retained for a maximum of 90 days from their creation date,
after which they shall be permanently deleted regardless of the status of the
test run record.

Data retention beyond these limits is not authorized.

Rationale
*********
Retention limits ensure compliance with the principles of confidentiality,
integrity, and availability (CIA) while preventing unnecessary long-term
storage. Artifacts are maintained only as long as required for reproducibility
and accountability, whereas LAVA logs are operationally relevant for a shorter
duration. This approach reduces risk, optimizes resources, and ensures alignment
with GDPR’s data minimization requirements.

Responsibilities
****************
**ONELab Platform Team**: Implements automated enforcement, ensuring timely and
secure deletion of data.

**Users**: Responsible for exporting any data they require beyond defined retention
limits prior to deletion.

**Compliance & Security Teams**: Monitor adherence through periodic audits and
ensure secure disposal practices are followed.

Enforcement
***********
This policy is enforced automatically by ONELab systems. All deletions are final
and constitute secure disposal. No exceptions, extensions, or recoveries shall
be permitted, ensuring compliance with applicable regulatory and contractual
obligations.