Data Retention Policy
Updated: 26th January 2026
Pull Checklist automatically manages the lifecycle of operational and audit data to balance functionality, compliance, and storage efficiency. All data cleanup runs daily and applies the retention periods below.
Retention Schedule
| Data Category | Retention Period | What's Included |
|---|---|---|
| Webhook Data | 30 days | Raw GitHub webhook deliveries and processed webhook records |
| Execution History | 90 days | Workflow executions, rule evaluations, activity logs, and user interaction events |
| Audit Logs | 180 days | Pull request audit trails and user activity audit logs |
How It Works
- Automated cleanup runs daily at 3:00 AM UTC. Expired records are permanently deleted based on their creation date.
- Tiered retention reflects data sensitivity. Transient webhook payloads expire quickly (30 days), while compliance-relevant audit trails are preserved for 6 months (180 days).
- Referential integrity is maintained. Audit logs that are referenced by active reports are excluded from cleanup and retained for as long as the report exists.
- Foreign key safety ensures child records (e.g., workflow action executions, account audit log associations) are removed before their parent records, preventing orphaned data.
What's Not Affected
Data retention applies only to temporal operational records. The following are not subject to automatic cleanup:
- Account and workspace configuration
- Repository settings and checklist definitions
- Workflow and rule definitions
- User profiles and permissions
- Reports (and any audit logs they reference)
For Enterprise Customers
The default retention periods are designed to meet common compliance requirements. If your organization requires longer retention windows or custom data lifecycle policies, contact us to discuss enterprise retention options.
Questions?
If you have questions about our data retention practices or need additional information for your compliance review, contact us at hello@pullchecklist.com.