AppProfileSafe generates several types of persistent data: export backups, run reports, compliance reports, audit logs, health snapshots, and application logs. Each has its own retention mechanism. This page provides guidance for managing storage growth over time.

Retention Settings

Retention periods are configured in settings.xml:

Application log rotation is handled separately by size-based rotation (see Logging & Diagnostics), configured via MaxLogSizeBytes (default: 10 MB) and MaxLogFiles (default: 10).

Export Data

Export backups (the manifest XML and the accompanying data folder) are not managed by AppProfileSafe's retention system. They persist indefinitely until manually deleted or managed by external processes. For environments running daily or weekly exports:

• Versioned folders — Include a timestamp in the manifest path (e.g. \\server\share\%USERNAME%\2026-02-14\Manifest.xml) to keep multiple backups.
• External cleanup — Use a scheduled script to delete exports older than your desired retention period.
• Disk monitoring — Monitor the export share for disk space. The DiskSpace health check only monitors the local drive.

Compliance Considerations

For regulated environments (GDPR, ISO 27001, SOC 2, HIPAA), consider:

• Audit log retention — Set Audit.RetentionDays to meet your regulatory minimum. Audit logs are the primary compliance artifact and should be retained at least as long as your retention policy requires.
• Archival — When audit files exceed the retention period, they can be archived rather than deleted. The audit retention service preserves hash chain continuity by recording the last entry's hash in the current file.
• Compliance reports — Generate compliance reports on a regular schedule (monthly or quarterly) and archive them with your other compliance documentation.

Storage Sizing Guidance