Security & Retention

All documents, decisions, and statements are retained for a minimum of three years from the date of issuance, aligned with post-clearance audit timelines under EU regulations. You may request extended retention if required by your compliance obligations.

Role-based access ensures that only authorised personnel within your organisation can view, create, or modify records. Each user action is attributed and logged.

Every action — document upload, decision recording, statement generation, data export — is logged with a timestamp, user identity, and action description. Logs are append-only and cannot be modified or deleted.

Your data is yours. We do not sell, share, or monetise your commercial information. Data is used solely for providing the service you have contracted.

Once a Statement of Origin is issued, the associated decision and evidence snapshot become immutable. This ensures that the record available during an audit reflects the state at the time the declaration was made.