Data Handling
Understand how Qpher stores, retains, and deletes your data, including cryptographic key material.
Data Residency
Qpher infrastructure is hosted on major cloud providers (AWS / GCP) with configurable region selection. By default, data is stored in US regions. Enterprise customers can specify their preferred data residency region during onboarding. All data at rest is encrypted, and data in transit uses TLS 1.2+ encryption. Sub-processor data locations are documented in the Data Processing Agreement at /legal/dpa.
Data Retention
Qpher applies the following retention periods. Tenant metadata and API keys are retained while the account is active and deleted 30 days after account deletion; PQC public keys follow the same retention period. PQC private key files are securely deleted (overwrite + delete) within 30 days of account deletion or key archival. Audit logs are retained for 180 days on a rolling basis. Invoices are retained for 7 years for tax compliance. Prometheus metrics are retained for 15 days (hot storage) plus 90 days (cold storage) and are anonymized upon account deletion by removing tenant_id labels.
Data Deletion
Customers may request account deletion through the portal settings page or by contacting support. Upon request, Qpher initiates a 30-day deletion process during which all tenant data — including metadata, API key hashes, PQC public keys, and user personal data — is permanently removed. PQC private key files undergo secure deletion: the encrypted key file is overwritten with random data before filesystem deletion, ensuring key material cannot be recovered. Invoices are exempt from the 30-day deletion due to a 7-year tax compliance requirement. This process fulfills GDPR Article 17 (right to erasure) and CCPA Section 1798.105 (right to delete).
Backup & Recovery
Qpher maintains automated backups with a Recovery Point Objective (RPO) of less than 1 hour for database data and zero data loss for cryptographic key material. Database backups are stored in a geographically separate region using server-side encryption (AES-256). Key Encryption Keys (KEKs) use a multi-provider strategy to ensure recoverability even if a single secrets provider is compromised. Disaster recovery procedures are documented and rehearsed quarterly, including full restoration tests to verify backup integrity.