Salesforce Backup and Restore (Add-On) - Retention Control
Retention policies can be set to meet any internal requirements set by your company for keeping data backed up.
Control Name
Salesforce Backup and Restore (Add-On) - Retention
Control Overview
Configurable retention policies in Salesforce Backup and Recover automatically delete backups after defined periods, enforcing data minimization by limiting how long copies of production data persist in storage.
Description
Admins set per-backup or global retention rules (for example, 30 days, 1 year, indefinite) via the add-on interface. Retention rules support compliance schedules like GDPR 30-day deletion or HIPAA 6-year retention, with audit logs of deletions.
Recommended Configuration
Define backup data retention: 1 year is recommended, or a period based on company compliance requirements. Configure in Backup and Recover > Policies > Retention, applying to daily, weekly, or monthly snapshots and sandbox seeds.
Security Impact
Reduces attack surface by purging unnecessary data copies, prevents indefinite storage of PII and PHI, and provides defensible deletion proof for regulators.
Business Impact
Lowers storage costs (for example, ~30% savings at 1-year retention), simplifies audits with automated compliance, and frees resources for active data management.
Security Risk If Not Configured
Violating data minimization and retention principles for records exposes the org to unnecessary breach risk from aged backups.
Threat Scenarios
Indefinite or overly long data retention violates data minimization principles and increases exposure to data breaches and regulatory penalties; compromised admin accounts could exfiltrate years of historical PII.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Retention needs vary by industry; factor in restore frequency and legal holds that may require exceptions.
Higher Risk When
Org has regulatory compliance requirements for data retention and does not have a retention policy in place.
Low Risk When
Org does not have regulatory requirements for data retention.
Business and Integration Considerations
Align with org retention policies, and test restores from aged backups before finalizing periods.
Security Health Review Guidance
Highly recommended.
Who Is Impacted
Backup admins, compliance teams, auditors reviewing the data lifecycle, and DevOps teams managing storage budgets.

