{"issuer":"veracly.app","version":2,"published_at":"2026-06-02","policies":{"free_60day":{"description":"Audit-ledger anchors for free Veracly scans (current policy). The verification material (canonical record, signature, PDF SHA-256) is retained for 60 days from the signing timestamp, after which the daily retention sweep retires the anchor. The retired anchor row survives as proof-of-existence (scan ID, issue date, signing key); only the verification material is removed. THE PDF ITSELF (the rendered bytes in S3 and the denormalised payload snapshot in our `reports` table) is also deleted on the same 60-day window — see the `free_pdf_60day` rule below for the data-side specifics.","retention_days":60,"applies_to":"Anchors signed for scans that originated from the public free-scan flow (no authenticated organization), on or after 2026-06-02.","on_expiry":"Soft-scrub: canonical_json, signature, and pdf_sha256 are set to NULL; retention_expired_at is stamped with the sweep timestamp. The verify endpoint returns status=\"retired\" for the row.","rationale":"Matches the binding Privacy Policy §8 commitment (\"Free scan request records and the resulting signed PDF report — 2 months from issuance\"). The recipient — and any third party they forward the report to — can verify it throughout that window."},"free_7day":{"description":"LEGACY (superseded by free_60day on 2026-06-02). Audit-ledger anchors for free Veracly scans signed before the 60-day policy took effect. Verification material retained for 7 days from the signing timestamp, after which the daily sweep retired the anchor. Retained here so a verifier matching this policy code on an older retired anchor still resolves to its governing rule.","retention_days":7,"applies_to":"Anchors signed for free-scan flow scans before 2026-06-02. No new anchors are issued under this policy.","on_expiry":"Soft-scrub: canonical_json, signature, and pdf_sha256 are set to NULL; retention_expired_at is stamped with the sweep timestamp. The verify endpoint returns status=\"retired\" for the row.","rationale":"Historical policy. Superseded to align with Privacy Policy §8 (2 months). Documented for continuity of older verify URLs."},"free_pdf_60day":{"description":"Rendered PDF artifacts for free Veracly scans (current policy). The PDF file in S3 (`{scanId}/{language}.pdf`) and the matching `reports` row are deleted 60 days after the PDF was generated. NOTE: the presigned download URL on the original delivery email still expires after 6 days 23 hours (the SigV4 cap); reaching the bytes after that point is served by a durable re-presigning download route rather than the original email link.","retention_days":60,"applies_to":"PDF artifacts and `reports` rows for free-scan sentinel-org scans generated on or after 2026-06-02.","on_expiry":"Hard delete: the S3 object is removed and the `reports` row is dropped. The parent `scans` row plus findings, verdicts, and screenshots survive on the broader 12-month scan-retention window (used for support, free→paid conversion analytics, and anti-abuse forensics).","rationale":"Keeps the artifact available for the full Privacy-Policy 2-month window the recipient was promised."},"free_pdf_7day":{"description":"LEGACY (superseded by free_pdf_60day on 2026-06-02). Rendered PDF artifacts for free Veracly scans generated before the 60-day policy took effect. The PDF file in S3 (`{scanId}/{language}.pdf`) and the matching `reports` row were deleted 7 days after the PDF was generated. Documented here for continuity; no new artifacts are governed by this rule.","retention_days":7,"applies_to":"PDF artifacts and `reports` rows for scans owned by the free-scan sentinel organization.","on_expiry":"Hard delete: the S3 object is removed and the `reports` row is dropped. The parent `scans` row plus findings, verdicts, and screenshots survive on the broader 12-month scan-retention window (used for support, free→paid conversion analytics, and anti-abuse forensics).","rationale":"The recipient cannot retrieve the PDF after the presigned URL expires, so keeping the bytes on our infrastructure offers no user-facing utility and creates a storage-limitation tension with the in-product \"available for 7 days\" promise."},"paid_indefinite":{"description":"Audit-ledger anchors for paid Veracly scans. No automatic expiry; the anchor row, canonical record, and signature persist for the lifetime of the parent scan (currently 12 months under the broader storage-retention policy).","retention_days":null,"applies_to":"Anchors signed for scans owned by an authenticated paid organization.","on_expiry":"Not applicable — these anchors do not auto-expire.","rationale":"Paid customers need long-horizon verifiability for compliance audits, regulator inquiries, and internal record-keeping. Their PDFs are retained for the same window; the anchor follows."},"user_deleted":{"description":"Audit-ledger anchors that a paid customer has explicitly asked us to retire ahead of the broader retention horizon. Same soft-scrub model as free_7day: the row survives with retention_expired_at stamped; the verification material is removed.","retention_days":null,"applies_to":"Anchors retired via a paid-customer dashboard action (forthcoming feature; schema support shipped in migration 0016).","on_expiry":"Soft-scrub on customer request: canonical_json, signature, and pdf_sha256 are set to NULL; retention_expired_at is stamped with the request timestamp. The verify endpoint returns status=\"retired\" for the row.","rationale":"Customers may need to retire a specific report’s verification surface earlier than the default 12 months (e.g., the underlying site has been rebuilt and the historic finding is now misleading). The retired-state response is preferable to silent deletion: a regulator looking up an old verify URL gets a meaningful policy reference, not a 404."}},"retention_sweep":{"cron":"0 4 * * * UTC","latency":"The sweep runs once daily; an anchor whose expires_at falls in the past may remain in the active state for up to ~24 hours before retention_expired_at is stamped. This window is intentional and does not extend the policy guarantee."},"verify_url":"https://veracly.app/verify","contact":"support@veracly.app"}