A surprisingly common pattern: a firm with an aggressive seven-year retention policy, hot in the primary database the whole time, with no cryptographic binding to wall-clock time. If anything in that database was modified after the fact — by an attacker, by a well-meaning DBA, or by a software bug — the evidence's value at a tribunal collapses to "the firm says these are their logs". Long retention without notarisation is just expensive storage.
What retention actually does.
Retention answers "do we still have it?". For AI agent receipts, the obligations stack: EU AI Act Article 12 mandates a minimum of six months. UK GDPR retention principle requires no longer than necessary. FCA SYSC pushes seven years in financial services. ICO SAR timelines need the data to exist for the one-month response window.
The right architecture is a two-tier lifecycle:
- Hot tier: 90 to 180 days, sub-100ms queries, full coverage from receipt to dashboard.
- Cold tier: 7+ years, optimised for completeness and cost, queries acceptable in seconds to minutes.
Retention is enforced by an automated job; the alternative is "we have logs we hope are seven years old" which fails every supervisory visit.
What notarisation adds.
Notarisation answers "is what we have now what we had then?". That's a different question. Retention preserves bytes; notarisation proves that today's bytes match the bytes that existed at the time they were originally produced.
The standard for notarisation is RFC 3161. A trusted Time-Stamping Authority signs a hash you give it together with the current UTC time. The signed timestamp token binds the hash to the moment. Anyone — including a regulator's analyst with no access to your systems — can verify the token offline against the TSA's certificate.
In Agent Audit, we notarise the chain head after every receipt batch. Because the chain is a hash chain, that single timestamp binds every receipt that came before it. One notarisation every few minutes is enough to prove the entire chain up to that point existed unchanged.
The four-quadrant view.
| No notarisation | Notarisation | |
|---|---|---|
| Short retention | Whatever happened > window ago is irretrievable. Familiar territory for most teams; failing every regulatory floor. | Proven evidence inside the window, nothing outside. Acceptable for short-cycle workloads, useless for incidents discovered post-window. |
| Long retention | Expensive storage of unprovable bytes. Hard to defend if challenged. | Where compliance buyers want to be. Every chain head bound to wall-clock time, full lifecycle preserved. |
The pragmatic posture.
We default Professional and Enterprise tenants to:
- Hot retention: 90 days (Starter) or 180 days (Professional) of fully-indexed primary storage.
- Cold retention: 7 years (Starter), indefinite (Professional and Enterprise unless contractually shorter).
- Notarisation: on every chain-head advance, via FreeTSA by default with operator overrides for Sectigo, DigiCert and customer-elected TSAs.
- Tombstone safety: the retention job will not purge a receipt whose session chain has never been notarised. Sounds extreme; it is the only defensible policy.
The fragile bit of the system isn't the hash chain or the TSA. It's the boundary between hot and cold. We've seen production systems where receipts "moved to cold storage" actually moved to a dead bucket nobody had query access to. Our retention job records every run on the operator dashboard with archived / purged counts — auditable from the first day.
The corner-cut to avoid.
The most common mistake is buying long retention and skipping notarisation because "we trust our database". The database is fine. The shape of legal challenge isn't "we don't believe Postgres" — it's "you could have modified these records last week". Notarisation makes that claim implausible.
The corollary mistake is buying notarisation and skipping retention. A notarised chain you can't read is a paperweight.
Where Agent Audit sits.
Retention and notarisation are both shipped, both on by default from the Starter tier upward, both visible on the operator dashboard at Integrity. The retention job runs daily at 03:17 UTC. Notarisation runs on every chain-head advance for Professional and Enterprise tenants. Every evidence pack (Article 12, ICO SAR, FCA SYSC, NIST AI RMF, Board, Insurance Claim) includes the relevant notarisation tokens on the integrity page.