The policy that defines how long an organization keeps customer data before deleting it. Retention policies balance regulatory requirements (some industries mandate minimum retention of audit logs and communication records) against privacy principles (GDPR's data minimization says keep no more than necessary). For meeting copilots, retention typically covers raw audio recordings (often deleted within days), transcripts (often kept months to years for searchability), generated recaps (kept indefinitely as user-owned artifacts), and embeddings (kept as long as the underlying transcript). A good retention policy specifies the trigger (date created, last accessed, user-requested deletion), the holding period, and what "deletion" actually means â soft delete that can be restored, or hard cryptographic erasure.