Legal

Data Retention & Deletion Policy

Last updated: April 28, 2026

1. Overview

This Data Retention & Deletion Policy explains how Saffron AI, Inc. (“Saffron,” “we,” “us,” or “our”) retains data collected through our assessment platform and how that data is deleted at the end of its retention window. It supplements our Privacy Policy and applies to all data processed on behalf of Customers and candidates.

2. Assessment Data Is Not Deleted on a 30-Day Schedule

Assessment data is retained for as long as the administering Customer maintains an active account with Saffron, or for the period specified in the Customer’s contract. Customers rely on durable access to historical assessment records to make, defend, and audit hiring decisions, so Saffron does not automatically delete this data after 30 days.

Assessment data includes:

  • Code written during the assessment, including all edits and revisions
  • Session recordings of the development workflow
  • AI tool prompts and responses captured during the session
  • Keystrokes, terminal commands, file navigation, and timing data
  • Automated scoring artifacts and AI-generated reports tied to the session

The Customer who administered the assessment is the data controller for assessment data. Customers may request deletion of any assessment record at any time, as described in Section 4.

3. 30-Day Retention Window for Operational Data

Saffron retains operational data for 30 days, after which it is permanently deleted. Operational data is the diagnostic, telemetry, and infrastructure data we generate to run the platform — it is separate from the assessment record itself. This category includes:

  • Application and request logs
  • Sandbox provisioning, lifecycle, and teardown logs
  • Raw network and performance telemetry
  • Error traces and crash reports
  • Authentication and access logs not subject to a longer regulatory retention requirement

Account data (Customer billing records, account profiles, and authentication metadata required to keep the account functional) is retained for the duration of the Customer relationship and for a reasonable period thereafter to meet legal, accounting, and audit obligations. This data is governed by our Privacy Policy rather than the 30-day window.

4. Customer-Initiated Deletion of Assessment Data

Customers and candidates may request deletion of specific assessment records at any time. To submit a request, email team@trysaffron.ai with the assessment identifier and the email address associated with the candidate or Customer account.

We will acknowledge the request within two business days and complete deletion within seven business days. Deletion is permanent and cannot be reversed. Candidates should generally route deletion requests through the Customer that administered their assessment, since the Customer is the data controller; Saffron will honor a direct request where required by applicable law.

5. Deletion Procedure

When operational data reaches the end of its 30-day window, or when a Customer-initiated deletion request is approved, Saffron executes the following procedure:

  • Targeted records are removed from our production database and object storage.
  • Search indexes and caches that reference the deleted records are purged.
  • For Customer-initiated deletions, the isolated cloud sandbox associated with the assessment is destroyed, including its filesystem and any ephemeral artifacts.
  • Encrypted backups containing the deleted records are rotated out of the backup retention pool within 35 days, after which the data is unrecoverable.
  • References to the deleted data in third-party processors (analytics, AI scoring providers) are deleted via their data deletion APIs.

6. Evidence of Data Deletion

Saffron provides verifiable evidence that data has been deleted. On request, we will furnish a Certificate of Deletion that includes:

  • Record identifiers for the data that was deleted (assessment IDs for Customer-initiated deletions, log scopes for operational deletions)
  • Deletion timestamp recorded in our deletion audit log (UTC)
  • Operator identity for the system or human that executed the deletion
  • Cryptographic hash of the pre-deletion record manifest, allowing the requester to confirm scope without exposing the underlying data
  • Confirmation of downstream purges across our database, object storage, search indexes, sandboxes (where applicable), and third-party processors
  • Backup expiration date after which the deleted data is no longer recoverable from any encrypted backup

Saffron maintains an immutable, append-only deletion audit log. Entries in this log are retained for two years after the deletion event so that Customers can verify historical deletions during audits, security reviews, or compliance assessments.

To request a Certificate of Deletion or to audit a prior deletion, email team@trysaffron.ai. Certificates are issued within five business days.

7. Exceptions

Saffron may retain operational data beyond the 30-day window only when required to:

  • Comply with a legal obligation, court order, or regulatory request
  • Investigate suspected fraud, security incidents, or violations of our Terms of Service
  • Enforce our agreements or defend legal claims

Records retained under an exception are isolated, access-restricted, and deleted as soon as the legal or operational basis for retention ends. Any such retention is recorded in the deletion audit log.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by posting the updated policy on our website and updating the “Last updated” date above. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

Questions about this policy, deletion requests, or Certificates of Deletion can be sent to team@trysaffron.ai.