Data Retention Guide

This guide covers RightInsight's comprehensive security features, data retention policies, and best practices for protecting your business data.

Security Overview

RightInsight is built with enterprise-grade security standards to protect your NetSuite data and ensure compliance with business requirements.

Core Security Principles

  • Data Encryption: All data encrypted in transit
  • Access Control: Role-based permissions with company isolation
  • Secure Authentication: Secure token management
  • Data Retention: Configurable retention policies with automatic cleanup
  • Audit Logging: Comprehensive activity tracking and monitoring

Data Encryption

In Transit

  • HTTPS/TLS: All communications encrypted using TLS 1.2+
  • API Security: All API endpoints require authentication
  • NetSuite Integration: Secure OAuth2 connections with encrypted tokens

Encryption Standards

  • Password Hashing: bcrypt with salt rounds
  • Token Encryption: AES-256 encryption for sensitive data
  • Certificate Storage: Secure storage of NetSuite private keys

Access Control

Company Isolation

  • Data Separation: Each company's data is completely isolated
  • Cross-Company Access: Not permitted under any circumstances
  • Data Source Security: Company-specific data source access
  • Query Isolation: All queries scoped to company boundaries

Role-Based Permissions

  • User Role: Access to own data and company data sources
  • Admin Role: Company management and user administration

For detailed information about user roles and permissions, see the User Roles & Permissions Guide.

API Security

  • Authentication Required: All API endpoints require valid authentication
  • Company Scoping: All operations scoped to user's company
  • Input Validation: All inputs validated and sanitized

Data Retention Policies

Configurable Retention

RightInsight allows companies to configure their own data retention policies:

  • Thread Retention: 1-3650 days (1-10 years)
  • Automatic Cleanup: Expired threads automatically deleted
  • Manual Deletion: Users can delete threads (if enabled)
  • Policy Management: Company admins can configure retention settings

Default Retention Settings

  • Thread Retention: Disabled (no automatic deletion)
  • Manual Deletion: Enabled by default
  • Automatic Cleanup: Disabled by default

Retention Policy Configuration

For Company Admins

  1. Navigate to Settings → Data Retention tab
  2. Configure Settings:
       • Thread Retention Days: Set retention period (1-3650 days)
       • Allow Thread Deletion: Enable/disable manual deletion
       • Enable Automatic Cleanup: Turn on automatic deletion
  3. Save Changes: Policies take effect immediately

Retention Policy Options

  • Thread Retention Days: How long to keep analysis threads
  • Allow Thread Deletion: Whether users can manually delete threads
  • Automatic Cleanup: Whether to automatically delete expired threads
  • Policy Status: Enable/disable retention policies

Data Source Security

NetSuite Integration Security

  • OAuth2 Authentication: Secure token-based authentication
  • Token Refresh: Automatic token refresh to maintain security
  • Scope Limitation: Limited to necessary NetSuite permissions
  • Certificate Security: Private keys encrypted and securely stored

Data Source Access Control

  • Company-Level: Shared access for all company users
  • User-Level: Personal access for individual users
  • Verification Status: Data sources must be verified before use

Best Practices

For Company Admins

  1. Regular Security Reviews: Periodically review user access and permissions
  2. Retention Policy Management: Set appropriate retention periods
  3. Data Source Monitoring: Monitor data source usage and access
  4. User Training: Educate users on security best practices
  5. Incident Response: Have procedures for security incidents

For Users

  1. Strong Passwords: Use strong, unique passwords
  2. Secure Access: Only access from trusted devices and networks
  3. Data Sensitivity: Be mindful of sensitive data in queries
  4. Regular Logout: Log out when finished with sessions
  5. Report Issues: Report any security concerns immediately

For Data Sources

  1. Minimal Permissions: Use only necessary NetSuite permissions
  2. Regular Updates: Keep NetSuite connections current
  3. Access Monitoring: Monitor who has access to data sources
  4. Secure Storage: Ensure certificates and keys are properly stored

Security is a shared responsibility. By following these guidelines and best practices, you can ensure that your RightInsight data remains secure and compliant with your organization's requirements.