What this page answers
- Which data classes are stored in the hosted model
- What the default retention and deletion behavior is
- How ownership changes between hosted and self-hosted environments
Current state (as of March 5, 2026)
Tero is designed to minimize retained data. The control plane stores the metadata required to operate the product, not full raw telemetry payloads as the default system-of-record model.Data lifecycle diagram (hosted default)
Data classes and handling model (hosted default)
| Data class | Stored in Tero-hosted | Typical purpose |
|---|---|---|
| Account and workspace configuration | Yes | Service setup and access control |
| Telemetry metadata (schema, field types, volume patterns) | Yes | Catalog, analysis, and policy generation |
| Full raw telemetry content | No (default model) | Source of record remains customer observability platform |
| Authentication and session metadata | Yes | Authentication and authorization workflows |
| Billing metadata (self-service) | Limited scope only | Billing operations |
Retention and deletion baseline
| Data type | Default retention |
|---|---|
| Account and workspace data | While account or workspace is active |
| Metadata required for service operation | While workspace is active |
| Backups | 30 days |
Hosted vs self-hosted boundary
| Area | Tero-hosted | Self-hosted |
|---|---|---|
| Data locality control | Tero-hosted region model | Customer-selected region and infrastructure |
| Infrastructure boundary | Tero-operated | Customer-operated |
| Subprocessor scope | Tero-managed service stack | Customer-selected stack |
| Data deletion execution | Tero-operated | Customer-operated runtime |
Evidence you can request
| Topic | Primary evidence |
|---|---|
| High-level storage model | Overview |
| Ownership split by deployment | Shared Responsibility |
| Retention and deletion expectations | Data Retention |
| Subprocessor scope | Subprocessors and Third Parties |