Data retention
ARGUS automatically purges mission data after defined retention windows. This page lists the defaults, the knobs that change them and the safety valves that prevent accidental loss.
Retention defaults
Defaults apply when the organisation has not customised a value. Windows
are measured from the document’s updatedAt unless noted.
| Data type | Default window | Notes |
|---|---|---|
| Mission metadata (doc + polygons) | 365 days | From closedAt if present, else updatedAt. |
| Telemetry (blackbox, OSD samples) | 90 days | Per-peer, per-mission. |
| Media (photos, video, point clouds) | 90 days | Object-store lifecycle rule; also drops HLS segments and VOD MP4s. |
| Chat and PTT transcripts | 180 days | Mission chat and stand-alone ops chat. |
| HMS and copilot alerts | 180 days | Master-caution history and acknowledgements. |
| Timeline events | 180 days | Geofence breaches, task state changes, operator actions. |
| Firmware logs | 90 days | Dock-uploaded logs pulled via the DJI Cloud API. |
| Remote log uploads | 90 days | Android / web client logs uploaded from Help → Send diagnostics. |
| Copilot chat (per-user) | 30 days | Per-user assistant threads, not mission chat. |
Purge is idempotent and runs daily. Deletion is soft for the first 7 days (tombstoned, admin-recoverable) and hard thereafter.
Per-mission overrides
A mission’s Security step in the edit mission wizard lets commanders override the window for that specific mission. You can only extend beyond the org default — not shorten below the org floor.
Overrides apply to all artefacts collected under the mission: telemetry, media, chat, alerts and timeline. They do not retroactively revive data that has already been purged.
Per-org overrides
Organisation admins set defaults from
Admin → Organisation → Retention. Each data type takes a number of
days; 0 means “delete at end of day” and -1 (or the Keep forever
toggle) disables automatic purge for that type. Regulated customers
usually extend chat and mission-metadata windows; high-volume customers
shorten telemetry and media.
Changes take effect at the next daily purge pass. A summary of the effective windows is shown on each mission’s Security step so commanders always see their defaults.
Legal holds
When litigation or an investigation is pending, admins can apply a legal hold on a specific mission or date range. A held mission is excluded from every purge pass until the hold is lifted, regardless of its retention window or the org defaults.
Legal holds are logged in the audit log with the placing user, reason and target. Only admins can place or lift them.
Export before purge
You can always export a mission’s data before its purge window closes. From the mission dashboard:
- Export ZIP — mission doc, polygons, waypoints, blackbox and transcripts. Streams live as it builds; no size limit.
- Mission report PDF — the AI-generated mission report with embedded timeline, HMS summary and stills.
- Raw media — S3 pre-signed URLs to the original photos, videos and point clouds. Links expire in 7 days; re-export if you need a new one.
Exports count as reads, so they do not extend the retention window. Archive the ZIP yourself for long-term custody.
What is never retained
A few things are deliberately dropped at end-of-session:
- TACLINK SDP and ICE candidates — discarded when the peer disconnects.
- DRC joystick packets — never persisted; transport-only.
- Pre-connect SFU tokens — one-shot; regenerated per join.