Retention Policies

The AuricVault® service supports multiple retention policies. This allows you to set different retention policies for different types of data.

Retention policies define the number of days the token is retained after the last time it is accessed (read, updated, decrypted, touched, or used for payment).

There are two default retention policies:

  • big-year: approximately 14 months (14 * 31 days)

  • forever: never deleted

The big-year policy is approximately 14 months. This is suitable for credit card account numbers used in a repeat billing scenario. A big-year retention allows you to maintain tokens you use only once per year.

The forever policy is suitable for passwords, financial and medical identification numbers, names, etc.

You can request a custom retention policy when you sign up for your AuricVault® account. Retention policies can as short as 31 days.

Once a token exceeds the retention policy it is marked as expired and is no longer retrievable.


The service tracks the last time a token was accessed. Retention policies are based on the last time a token was accessed, not on the time a token was created. Tokens accessed regularly never expire.