How to bolster regulatory compliance

Safeguard sensitive data to address legal obligations using Lucid’s Enterprise Shield add-on. This guide will give examples of implementing a custom retention policy and establishing legal holds.

Document retention

Lucid’s Enterprise Shield lets you set a custom document retention policy to manage your account’s data more effectively. You can choose to delete documents in the trash or all documents on the account (including the trash) automatically, based on their last modified or created date.

For steps on how to configure a new retention policy, see our document retention policy article

As an example, admins may choose to auto-delete documents in the trash that have not been modified in three years to prevent data hoarding. This could be a practical policy for many, since users typically don’t expect to keep items that have been moved to the trash.

Some industries have strict data retention requirements that prohibit early deletion. In such cases, we strongly recommend you pay special attention to the trash setting, as that will either allow or disallow users on your account to delete documents and folders permanently.

If your goal is to preserve data for a required period before allowing it to be deleted, consider this example retention policy. First, disable the trash setting to prevent users from permanently deleting documents and folders. This ensures that content is retained for the full required duration, as now the only way a document can be permanently deleted is through your retention policy. Then, configure a retention policy to automatically delete documents in the trash that are older than three years, or whatever period your specific regulation requires.

Legal hold API

Lucid’s legal hold API allows you to safeguard essential documents by applying and removing holds on specific users and/or keywords relevant to litigation. This ensures crucial data is preserved precisely when you need it. With Lucid’s legal hold feature, documents are protected from deletion and preserved until the hold is released. 

Admins can establish a legal hold using the API, configuring several key options:

  • Name the hold.
  • Add an optional description.
  • Define start and end dates for the hold (with the flexibility to manually release it early if needed).
  • Specify impacted users, known as “custodians.” All documents they own or have shared access to will be included by default.
  • Refine the hold’s scope with a keyword search. This ensures only documents accessible to a custodian and containing a particular keyword are preserved.

Admins are able to set a legal hold on both custodians and/or keywords.

If the legal hold only has custodians, all documents that the custodian has access to will be added to the legal hold.

If the legal hold only has keywords, docs get added to the legal hold if they have a keyword.

If the legal hold has custodians and keywords:

  • Docs only get added to the legal hold if a custodian has access and the doc has a keyword.
  • Docs that are not accessible by a custodian do not get added to the legal hold, even if they have a keyword.

Any account documents that a user can access when a hold is in place are automatically included in the legal hold. Accounts with active legal holds are secure and cannot be deleted from the Lucid platform. If a user on legal hold transfers their account, their held documents seamlessly move to the account’s designated default document owner, remaining under the hold. Crucially, users cannot transfer documents under legal hold to other users outside the Enterprise account. This system preserves documents owned by the account itself, not external documents shared with a user under legal hold. 

Review our developer documentation to explore how to access documents under a legal hold.

It’s important to know that Lucid does not send automated notifications to users placed on legal hold. Your legal and administrative teams manage this. If a user tries to delete a held document, they’ll receive a discreet message indicating admin-level prevention. Upon the hold’s expiration, documents are released and can then be permanently deleted.

Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.

Additional guides

Getting started

If you’ve just purchased Enterprise Shield, learn some essential first steps to protecting your account.

Learn more

How to protect against data exfiltration

Protect sensitive documents from being accessed, copied, or shared without authorization.

Learn more

How to control and monitor document access

Manage inbound and outbound sharing with external users.

Learn more

How to obtain your own encryption keys

Get more info about Lucid Key Management Service (KMS), which allows customers to manage the encryption keys securing their data.

Learn more

How to automate document management and security

Build custom scripts to change document permissions in bulk, archive documents, or generate custom reports.

Learn more

How to manage session duration and control access

Balance security through session time-outs and an IP allow list.

Learn more

How to monitor, investigate, and respond to incidents

Take advantage of audit logs and revision history to reconstruct a timeline of events for incident management.

Learn more

Collaborate more securely with Enterprise Shield

Contact sales

Get Started

  • Enterprise
  • Contact Sales
  • Pricing

Products

Solutions

Company

Resources

PrivacyLegalCookie privacy choicesCookie policy
  • LinkedIn
  • Twitter
  • Instagram
  • Facebook
  • YouTube
  • Glassdoor
  • TikTok

© 2026 Lucid Software Inc.