Data Retention Policy

Purpose

This policy establishes the retention and deletion requirements for ONELab firmware release streams, test run records, associated test result artifacts, and LAVA logs. It supports the principles of data minimization and storage limitation in accordance with ISO/IEC 27001 and GDPR, ensuring data is retained only as long as necessary for its lawful business purpose and securely disposed of thereafter.

Scope

This policy applies to all ONELab users, administrators, and system components that create, store, access, or manage firmware release streams, test run records, test result artifacts, and LAVA logs.

Definitions

Firmware Release Stream: See definition here

Test Run Record: See definition here

Test Result Artifacts: See definition here

LAVA Logs: See definition here

Policy

Uploaded firmware shall be retained only for the lifecycle of the Firmware Release Stream to which it is associated.

Test Result Artifacts shall be retained only for the lifecycle of the associated test run record.

Upon deletion of a Test Run Record, all associated Test Result Artifacts shall be securely and irreversibly deleted. No recovery will be possible.

LAVA Logs shall be retained for a maximum of 90 days from their creation date, after which they shall be permanently deleted regardless of the status of the test run record.

Data retention beyond these limits is not authorized.

Rationale

Retention limits ensure compliance with the principles of confidentiality, integrity, and availability (CIA) while preventing unnecessary long-term storage. Artifacts are maintained only as long as required for reproducibility and accountability, whereas LAVA logs are operationally relevant for a shorter duration. This approach reduces risk, optimizes resources, and ensures alignment with GDPR’s data minimization requirements.

Responsibilities

ONELab Platform Team: Implements automated enforcement, ensuring timely and secure deletion of data.

Users: Responsible for exporting any data they require beyond defined retention limits prior to deletion.

Compliance & Security Teams: Monitor adherence through periodic audits and ensure secure disposal practices are followed.

Enforcement

This policy is enforced automatically by ONELab systems. All deletions are final and constitute secure disposal. No exceptions, extensions, or recoveries shall be permitted, ensuring compliance with applicable regulatory and contractual obligations.