← All controls

30 Vault retention & legal hold

Vault decides how long Gmail, Drive, Chat and Groups data is kept and whether a user can delete it at all. A default rule sets a retention period per service; a custom rule overrides it for an OU or shared drive; a hold on a matter overrides both — including user deletion — for as long as the hold exists. Retention is what makes data survive an attacker or a departing employee trying to destroy it, and Vault privileges are a separate admin role rather than something implicit in super admin.

Caveats

Setup steps

  1. Vault › Retention › Default rules
    Default rule per service
    Retain for <N> days from message/file creation
    post-retention action
    purge (choose purge only already-deleted items, or purge all data including undeleted items) (OU carve-outs, e.g. retain-indefinitely for crown jewels, belong in the next step's custom rules)

    Retain Gmail messages with Vault ↗

  2. open ↗ Vault › Retention › Custom rules
    Custom rule
    scope (OU / shared drive / term) + duration + expire action

    Retain Drive files with Vault ↗

  3. Vault › Matters › <matter> › Holds

    Hold = service (Gmail/Drive/Chat) + accounts or OU; no end date

    Get started with holds in Google Vault ↗ Create & manage matters ↗

  4. Admin console › Account › Admin roles

    Vault role granted to named custodians only; since November 1, 2025 each Vault admin must also hold a Vault license — the role alone no longer grants access

    Set up Vault privileges ↗

Ongoing maintenance

How to verify

  1. In Vault, read the default retention rule and any custom rules against the retention schedule, and list active holds — then search for a message older than the retention window to confirm expiry actually happens.

Further screens

Screen 1 of 1: Google Vault > Matters (legal hold lives inside a matter)

open ↗
Admin console screen — Google Vault > Matters (legal hold lives inside a matter)
https://vault.google.com/u/0/matters captured 2026-07-15

v0.1.3Recoveredition Business Plus+ policy #18 · #11 (gap G2) ↗