Lifecycle by data class — subject to product configuration, legal hold, and Cloudflare platform behavior.
| Class | Typical location | Default intent |
|---|---|---|
| Consent artifacts / vault objects | R2 (or your bucket) | Long-lived retention per plan (e.g., multi-year vault objective); your bucket policies apply for BYOB. |
| Tenant metadata & profiles | D1 | Persist until account deletion or purge routines run. |
| Security audit events | D1 | Operational retention for forensics; tune via policy as program matures. |
| Webhook delivery logs | Queues / transient | Short-lived; designed for delivery not indefinite archive. |
| Billing records | Stripe | Subject to Stripe retention and law; we store subscription state needed for service. |
Tenant-initiated deletion hooks remove tenant-scoped data where implemented. Legal hold may pause deletion for named scopes.