Data Retention, Content Management & Logging Policy
How PraDocs manages the lifecycle of your content, what we log for audit and security purposes, and how long each type of data is kept.
Last updated: July 3, 2026
On this page
1. Content Management & Versioning
Every document uploaded to PraDocs is stored with full version history. Each edit, re-upload, or metadata change creates a new version rather than overwriting the prior one, so earlier versions can always be restored (see Version Control and Restore Previous Versions on our Features page). Deleted documents move to a recoverable trash state before permanent deletion, per the retention schedule below.
2. What We Log
To secure the platform, support customers, and satisfy compliance requirements (including 21 CFR Part 11 and ALCOA+ for regulated customers), PraDocs logs:
- Authentication events — logins, logouts, failed login attempts, MFA challenges, and SSO events.
- Document events — views, uploads, downloads, edits, moves, deletions, shares, permission changes, and restores.
- Workflow & e-signature events — approvals, rejections, comments, and each stage of a signature process, including signer identity, timestamp, and IP address.
- Administrative events — user provisioning/deprovisioning, role changes, integration connections, and configuration changes.
- System & security logs — API requests, error logs, and anomaly-detection signals, retained separately from Customer Data for platform security.
3. Audit Trails
Document- and workflow-level events form a tamper-evident audit trail: entries are immutable once written, timestamped, and attributable to a specific authenticated user or system action. Workspace administrators can view and export audit trail reports for their organization's data at any time from account settings, which supports internal audits and regulatory inspections (GDPR accountability, 21 CFR Part 11, ALCOA+, and similar frameworks).
4. Retention Schedule
| Data type | Default retention |
|---|---|
| Active Customer Data (documents, metadata, versions) | Retained for the life of the account, per Customer's own folder/retention configuration |
| Deleted documents (recoverable trash) | 30 days, then permanently purged |
| Document & workflow audit logs | 7 years by default for regulated-industry workspaces (Pharma, Healthcare, Manufacturing); 2 years for other workspaces, configurable on Enterprise plans |
| Authentication & security logs | 13 months |
| Support communications | 3 years |
| Billing records | As required by applicable tax and accounting law (typically 7–8 years) |
| Marketing/website analytics data | Per provider defaults — 14 months for Google Analytics 4 unless configured otherwise |
5. Backups & Disaster Recovery
Customer Data is backed up on a rolling schedule with geographically redundant storage. Backups are encrypted and retained for 35 days on a rolling basis to support disaster recovery, and are purged from backup storage on the same retention cycle described above once the corresponding live data is deleted.
6. Deletion & Post-Termination Data
Upon account cancellation or contract termination, Customer Data remains available for export for 30 days. After that window, it is permanently deleted from production systems and purged from backups within a further 60 days, unless a longer period is required by law (e.g. billing or regulatory records) or agreed in an Enterprise Order Form. This mirrors Section 12 of our Data Processing Agreement.
7. Who Can Access Logs
Audit and activity logs for a workspace are visible to that workspace's authorized administrators. PraDocs personnel access logs only for support, security investigations, or legal compliance, under role-based access controls and logged themselves for accountability. System-level security logs are accessible only to authorized PraDocs engineering and security personnel.
8. Contact
Questions about retention or to request an audit export: support@pradocs.com.