Storage Locations
- Ephemeral in-memory storage for most bot interactions.
- Persistent stores for configurations or preferences when a feature requires it.
- Logs and diagnostics in secured provider infrastructure.
Retention
- Keep only for the time needed to operate, troubleshoot, or secure the service.
- Purge diagnostic logs on a rolling basis; shorten retention after incidents are resolved.
- Delete configuration data when the feature is disabled or the contract ends.
Protections
- Use reputable cloud and platform providers with access controls.
- Restrict access to operational staff and automation strictly required for the service.
- Segment test and production data; avoid copying production data into tests.
Backups and Logs
Where backups exist, they follow the same retention objectives. Logs are scoped to service health and security; we avoid verbose content logs unless needed for an incident.