Operations
Storage, retention, signed URL TTL, sensitive access logging.
Phase 5 preview. These settings show the shape of the live form. Persistence and the real S3 bucket binding land in Phase 5b after a security checklist review (bucket private, KMS at rest, TLS in transit, no public ACLs, presigned-POST conditions).
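One way to run the Phase 5b checklist as an automated gate, as an added example (not this application's own code). It takes the response shapes of the S3 calls get_public_access_block, get_bucket_encryption, get_bucket_policy and get_bucket_acl plus the presigned-POST condition list. The function name, the sample data and the choice of required POST conditions (a size bound and a key prefix) are assumptions.

```python
import json

PUBLIC_GROUPS = {  # S3 predefined groups that make an ACL grant public
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def checklist_failures(pab, encryption, policy_json, acl_grants, post_conditions):
    """Return the checklist items that fail; an empty list means all pass."""
    failures = []
    if not all(pab.get(flag) is True for flag in PAB_FLAGS):
        failures.append("bucket private")
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in encryption.get("Rules", [])]
    if not algos or any(a not in ("aws:kms", "aws:kms:dsse") for a in algos):
        failures.append("KMS at rest")
    stmts = json.loads(policy_json).get("Statement", []) if policy_json else []
    if isinstance(stmts, dict):  # a policy may carry one statement as an object
        stmts = [stmts]
    def denies_plain_http(s):
        flag = s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        return s.get("Effect") == "Deny" and str(flag).lower() == "false"
    if not any(denies_plain_http(s) for s in stmts):
        failures.append("TLS in transit")
    if any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS for g in acl_grants):
        failures.append("no public ACLs")
    # Assumption: the review wants at least a size bound and a key-prefix pin.
    lists = [c for c in post_conditions if isinstance(c, list)]
    sized = any(c[:1] == ["content-length-range"] and len(c) == 3 for c in lists)
    pinned = any(c[:2] == ["starts-with", "$key"] and len(c) == 3 and c[2] for c in lists)
    if not (sized and pinned):
        failures.append("presigned-POST conditions")
    return failures

# Constructed sample data (not real bucket state): a compliant configuration.
GOOD = dict(
    pab={flag: True for flag in PAB_FLAGS},
    encryption={"Rules": [{"ApplyServerSideEncryptionByDefault":
                           {"SSEAlgorithm": "aws:kms"}}]},
    policy_json=json.dumps({"Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": "arn:aws:s3:::eapinder-documents-dev/*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}),
    acl_grants=[{"Grantee": {"Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}],
    post_conditions=[["content-length-range", 1, 26214400],
                     ["starts-with", "$key", "uploads/"]],
)
```

The TLS check only looks for a Deny statement conditioned on aws:SecureTransport being false; confirming that the statement covers every principal, action and resource still needs a reviewer's eye.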
Storage Provider
Amazon S3 (placeholder bucket: eapinder-documents-dev)
Production bucket eapinder-documents-prod will be provisioned in Phase 5b.
Signed URL TTL
5 minutes
Signed download URLs are short-lived and tied to the requesting user's session.
Default Retention
By category — 5 to 10 years
Retention floors derive from category metadata. Per-document overrides apply for restricted/regulated docs.
Sensitive Document Access Logging
Always on — restricted + regulated
Every preview, download, and signed-URL creation writes a document_access_logs row, separate from the firm-wide audit_logs trail.
Review Required Document Types
Suitability, Brokerage Response, Application, 1035 Exchange, Compliance Bundle, Identification
Driven by category.requires_review. Other types may be flagged ad-hoc.
AI Extraction
Disabled in Phase 5
Real text/layout/brokerage-response-pages parsers run in the AI phase.
DocuSign Integration
Disabled in Phase 5
Application and delivery-receipt e-signature flows attach DocuSign envelope IDs in a later integration phase.
Compliance Bundle Generation
Disabled in Phase 5
The bundle PDF assembler runs after the Four-Pillar Sales Process and Policy/Application phases.