Data Retention
Public integrations should document what is stored, why it is stored, and how users can remove access.
Retention policies should cover:
- connected agent consent records
- MCP tool call audit events
- idempotency records
- statement import metadata
- generated reports and previews