Retention Policies
A retention policy sets how long a document is kept and what happens when that time expires, archive it for long-term storage, or delete it permanently. You configure the rule once; Locker applies it automatically on a schedule.
Screenshot: locker-create-policy-form, the New Policy form at Organization → Retention showing scope, retention period, and action fields
Creating a Policy
- Go to Organization → Retention.
- Click New Policy.
- Choose a scope (see table below).
- Set the retention period in days.
- Choose an action: Archive or Delete.
- Click Save.
Click Preview before saving to see how many existing documents would be affected, a useful check before applying a broad policy.
Screenshot: locker-retention-policy-list, the Organization → Retention page showing a list of active policies with their scope, action, and retention period
Policy Scopes
Policies are scoped to control exactly which documents they cover. From broadest to most specific:
| Scope | Applies to | Use when |
|---|---|---|
| Organization | All documents across all Propper products | Setting a default that applies everywhere unless overridden |
| Product | All documents in a specific product (e.g., Locker only) | Locker needs different rules than Sign or Click |
| Template | All documents generated from a specific Sign template | A specific agreement type has its own retention requirement |
| Document | A single specific document | One document needs a different period than everything else |
When multiple policies apply to a document, the most specific scope wins. By default, Locker uses the longest matching retention period, the conservative choice. Organization admins can configure Locker to enforce the shortest matching period instead.
Documents with an active Legal Hold are exempt from all retention policies until the hold is removed.
Worked Examples
The examples below cover the most common policy configurations. Find the one closest to your situation.
| Example | Scope | Archive after | Delete after | Common use |
|---|---|---|---|---|
| 1. Org-wide default | Organization | 3 years | Never | Baseline safety net for all documents |
| 2. Contracts kept longer | Template | 7 years | Never | Vendor contracts, MSAs, legal agreements |
| 3. Indefinite preservation | Document (Legal Hold) | Blocked | Blocked | Active litigation or regulatory hold |
| 4. Invoices permanently deleted | Product / Template | 1 year | 5 years | Finance records, data minimization |
| 5. Single document override | Document | 10 years | Never | One-off settlement agreements, regulatory filings |
Example 1: Organization-wide Default
Scenario: Your organization wants all documents kept for 3 years by default, then archived, not deleted.
Setup:
- Scope: Organization
- Retention period: 1095 days (3 years)
- Action: Archive
Every document across all Propper products is archived 3 years after upload unless a more specific policy applies. This is the safety net; all other policies override it where needed.
Example 2: Contracts Kept Longer Than the Org Default
Scenario: Your org default is 3 years, but legal requires all contracts to be kept for 7 years before archival.
Setup:
- Scope: Template (the "Vendor Contract" Sign template)
- Retention period: 2555 days (7 years)
- Action: Archive
Documents from the "Vendor Contract" template are governed by the 7-year policy. Because Locker defaults to the longest matching period, and 7 years > 3 years, the template policy wins. All other documents continue to use the 3-year org default.
Example 3: A Specific Document Needs to Be Kept Indefinitely
Scenario: A specific executed agreement is involved in ongoing litigation and must not be archived or deleted under any circumstances.
Place a Legal Hold on the document. This overrides all policies immediately, no archival, no deletion, until you remove it. Legal hold is the right tool for this situation.
Example 4: Invoices Deleted Permanently After 5 Years
Scenario: Finance requires invoices to be permanently deleted (not just archived) after 5 years for data minimization compliance.
Setup:
- Scope: Product (scoped to Locker) or Template (the "Invoice" template if invoices come from Sign)
- Retention period: 1825 days (5 years)
- Action: Delete
Documents are permanently removed after 5 years, file, versions, and search index entry. The deletion event is permanently recorded in the Audit Log.
The Delete action is irreversible. Documents and all their versions are permanently removed. Use Archive for most situations unless compliance or data minimization requirements mandate permanent deletion.
Example 5: Overriding the Default for a Single Document
Scenario: A one-off settlement agreement must be kept for 10 years regardless of any other policy.
Apply a document-level policy directly to that document via the Retention API. Document-level policies take precedence over all product and organization policies.
Applying a per-document retention override from the document detail UI is not yet available. Document-level overrides are available via the Retention API.
What Happens When a Policy Triggers
When a document's retention period expires, Locker runs the action defined in the matching policy.
Archive
Archiving moves a document to long-term cold storage. The document is fully preserved and can be restored, but it no longer appears in the default document list or search results.
When the Archive action runs:
- The file moves to long-term cold storage.
- The document status changes to Archived.
- It is removed from default search results and document lists.
- The event is recorded in the Audit Log.
Archived documents are not deleted, they can be unarchived at any time by an organization admin.
Screenshot: locker-archived-document-status, a document card in the document list showing the Archived status badge
Filtering by "Archived" status and the Unarchive action are not yet available in the Locker UI. Both are available via the Retention API.
Delete
Deletion permanently removes a document, its file, metadata, and search index entry are all purged. This action cannot be undone.
Deletion cannot be undone. If a document may be needed for litigation or compliance, place it on Legal Hold before its retention period expires.
When the Delete action runs:
- The document enters Deletion Pending status.
- The file, metadata, and search index entry are permanently purged.
- Locker writes a deletion event to the Audit Log, this record is kept even after the document is gone.
What is removed vs. what is retained:
| Removed | Retained |
|---|---|
| Document file | Deletion event in Audit Log (actor, timestamp, document ID) |
| Metadata | Obligation records (marked as resolved) |
| Search index entry |
Manual deletion from the document detail view is not yet available in the Locker UI. Deletion currently runs automatically via your retention policy. Manual deletion is available via the Locker API.
A verified GDPR erasure request overrides any active retention policy and triggers immediate deletion, unless a statutory obligation or a Legal Hold is in place. See Compliance for the full interaction.
Related
- Legal Hold: Exempt specific documents from all policies during litigation
- Compliance: GDPR, CCPA, and audit log exports
- API Integration: Apply document-level policies programmatically