Security and Data Retention Policy
This page summarizes the security controls and data-retention behavior that customers most often ask about during onboarding, legal review, and operational governance.
Security controls
- Encrypted transport — all platform traffic is encrypted in transit using TLS 1.2 or higher.
- Encryption at rest — credentials and sensitive data are stored encrypted at rest (AES-256).
- Role-based access control — access is controlled at the application layer based on each user's assigned role.
- Authenticated agents — field and edge components authenticate to the platform using signed tokens before they can send data.
- Tenant isolation — each customer's users, sites, and camera data are isolated from every other tenant.
Data retention
GC Surge retains data for the following default periods:
| Data type | Default retention |
| --- | --- |
| Alarm data | Minimum 12 months |
| Audit logs | Minimum 12 months (write-once — not editable or deletable) |
| Billing records | Minimum 7 years |
| Video snapshots | 90 days (configurable) |
GC Surge does not provide long-term video storage. Only the snapshots attached to alarms are retained, for 90 days; full video retrieval requires your own NVR/VMS. Where a retention period in your service agreement differs from these defaults, your agreement takes precedence.