Product FeatureSecurity

Data Retention Window: Share Sensitive HTML Without Leaving a Trace

HTMLvault Team·June 15, 2026·5 min read

The Problem with Content at Rest

Most secure sharing tools focus on access control: who can view, when, for how long. That's necessary, but for some content, it's not sufficient. The moment a document sits on a server—any server—it becomes a liability. It can be subpoenaed. It can be breached. It can show up in an audit you didn't anticipate.

For certain use cases, the only acceptable posture is ephemeral sharing: the content exists just long enough to be consumed, then it's gone. Not archived. Not soft-deleted. Purged.

HTMLvault's Data Retention window is designed for these scenarios. When configured, your HTML is permanently deleted from our infrastructure once your specified viewing constraints are met.

Who This Is For

The Data Retention window serves users who share content that's too sensitive to persist:

  • M&A deal teams sharing term sheets or LOIs with outside counsel
  • Sales reps sending custom pricing that includes confidential margin data
  • HR and recruiting distributing compensation benchmarks or candidate evaluations
  • Healthcare and legal teams sharing documents containing PII or PHI
  • Security teams distributing incident reports or vulnerability disclosures

If your IT or legal stakeholder has ever asked "where does this data live after it's shared?"—this feature gives you a concrete answer: nowhere, once the window closes.

How It Works

When you create a link and configure the Data Retention window, HTMLvault stores your HTML encrypted at rest (AES-256) just like any other link. The difference is what happens after your viewing constraints are satisfied.

You define the constraint when creating the link. Options include:

  • Expiration time — content purged at the scheduled expiry time (e.g., "delete after 72 hours")
  • Both constraints — if you set both an expiration and another time-based window, whichever triggers first initiates deletion

Once the constraint is met, our system immediately and irreversibly deletes the HTML payload, the decryption key, and any cached renders. The link record remains (so your analytics persist), but the content is unrecoverable—by you, by us, by anyone.

Upload HTML + set constraint Encrypted at rest (AES-256) Constraint triggered Purged payload + key deleted 1 2 3 4 (analytics record kept)
Content lifecycle with a configured Data Retention window: HTML is stored encrypted until a constraint triggers permanent, irreversible deletion—while the analytics record is preserved.

How to Configure the Data Retention Window

The Data Retention window is a Pro feature, available in the link creation flow. Here's how to set it up:

  1. Create a new link from the dashboard, API, or any integration (Claude, Zapier, Clay, etc.)
  2. In the Security Settings panel, locate the Data Retention section
  3. Toggle the Retention Window on
  4. Set your desired constraint: an expiration time, or configure multiple time-based windows
  5. Complete link creation as normal

Via the API, include your expires_at parameter in your POST request body. When the constraint is satisfied, HTMLvault purges the HTML payload automatically—no additional call required.

Security Settings DATA RETENTION Retention Window Purge HTML payload after viewing constraints are met 1 EXPIRATION Expires after 72 hours 2 Save & Create Link
The Security Settings panel: toggle (1) enables the Retention Window; expiration (2) defines when the constraint fires and deletion is triggered.

Worked Example: Sharing a Compensation Proposal

A recruiting operations lead needs to share a custom compensation package with a candidate. The HTML includes base salary, equity grant details, and internal band comparisons—information that should never persist on external systems.

She creates an HTMLvault link with these settings:

  • Data Retention window: enabled
  • Expiration: 72 hours
  • Password protection: enabled (shared via a separate channel)

The candidate views the proposal twice over the next day. At the 72-hour mark, the expiration constraint triggers. HTMLvault purges the HTML payload. The candidate can no longer access the content, and there's no data at rest for legal to worry about.

0 h 24 h 48 h 72 h View 1 View 2 Expiry → Purged Link created
Timeline of the compensation proposal example: two views occur within 72 hours, and at the 72-hour mark the expiration constraint fires, purging the payload.

Limits and Caveats

Before configuring the Data Retention window, understand the tradeoffs:

  • Irreversible — once purged, the content cannot be recovered. There is no undo, no backup. If you need the HTML again, you must re-upload it.
  • Analytics persist, content doesn't — you retain view counts, geo data, scroll depth, time-on-page, and other analytics. You just can't retrieve or re-serve the original HTML.
  • No caching guarantees downstream — HTMLvault deletes data from its own infrastructure. We cannot control browser caches, proxy caches, or screenshots taken by viewers.
  • Pro plan required — this feature is not available on Free. Enterprise customers can enforce it as a policy default via admin settings.
  • A constraint is required — links must have an expiration set. Links configured to never expire cannot use this mode.

Why This Matters

Sales and recruiting teams regularly share content that's sensitive enough to warrant access controls but not sensitive enough to justify a full secure data room. Without a defined retention window, that means accepting risk: the content sits on a server, and you hope nothing goes wrong.

Configuring a Data Retention window changes the calculus. The recruiting ops lead who sends a comp proposal now has a defensible answer when legal asks about data persistence. The sales rep sharing custom pricing doesn't have to wonder whether that margin data will surface in a breach three years from now. And IT has an auditable, policy-enforceable posture to point to—not just a verbal assurance.

Ephemeral sharing on its own isn't new. Getting it alongside analytics, password protection, PII scanning, and white-labeling—inside a tool that IT already approved—is what makes it practical at scale.

Product Featuredata retentionsecuritycompliancesensitive dataephemeral sharing

HTMLvault

Share HTML securely — without losing your job.

The enterprise-grade platform for sharing HTML pages, reports, and dashboards with full PII scanning, access controls, and audit trails.

Start for free

Related Posts