Compliance Archive · The EFA family

EFAarchive

Tamper-proof email archive built for legal and financial compliance. Legal hold, eDiscovery search, immutable storage, and retention policies that satisfy FINRA, SEC 17a-4, HIPAA, and GDPR.

Request a quote Talk to sales
EFAarchive

Backup and archive are not the same thing

Email backup answers "I need to recover this." Email archive answers "I need to prove this — and I need to prove it years from now, in a form a regulator or a court will accept."

EFAarchive is built for the second job. Every message is captured at the gateway and written into immutable, tamper-evident storage with a cryptographic chain of custody. Retention runs on policy, not on user intent. Legal hold is a switch, not a project. eDiscovery search runs across years of email in seconds, with reviewer roles, redactions, and exportable case files.

It pairs naturally with OpenEFA: as messages flow through email security, copies are written to the archive automatically. Most customers run them together.

What EFAarchive does

Immutable, tamper-evident storage

Write-once storage with cryptographic per-message hashing. Any modification is detectable; deletion outside policy is impossible.

Legal hold

Apply a hold by user, date range, or custodian. Held messages are exempt from retention expiry until the hold is released, with a full audit trail.

eDiscovery search

Full-text search across years of email in seconds. Boolean operators, attachments, metadata, custodian filtering. Saved cases with reviewer assignments.

Policy-driven retention

Set retention by group, sensitivity, or message class. Auto-expire on schedule. Full audit trail of every retention action.

Defensible export

Export case sets in MBOX, PST, or EDRM-friendly formats with hash manifests. Reviewer-ready, court-ready.

Role-based access

Separate roles for compliance officers, legal reviewers, and IT administrators. Every action is logged, signed, and reviewable.

FINRA-aligned SEC 17a-4(f)-aligned HIPAA-aligned GDPR-aligned WORM-style storage US data residency

Common questions

Backup is for recovery; archive is for proof. A regulator or opposing counsel doesn't accept "we restored it from backup" — they want a tamper-evident chain of custody, retention policy, and search. EFAlifeline handles backup; EFAarchive handles archive. Most regulated customers need both.

EFAarchive's storage model and audit trail are designed to align with SEC 17a-4(f) requirements for non-rewritable, non-erasable storage and FINRA's communications retention rules. We can provide attestation documentation as part of a sales conversation; your designated compliance officer should review the specifics for your jurisdiction.

Retention is policy-driven. Common configurations are 7 years (financial), 10 years (healthcare), or unlimited (legal hold). Multiple policies can run concurrently, scoped by user group or message classification.

Yes. Bulk import from PST, MBOX, or live mail systems is supported during onboarding. Imported messages get the same hash and chain-of-custody treatment as live captures.

OpenEFA is the gateway; EFAarchive is the journal. As messages pass through OpenEFA's filtering, qualifying messages are journaled to EFAarchive automatically. Most customers buy them together; pricing reflects that.

Per-mailbox monthly pricing with bundle discounts when paired with OpenEFA or other EFA family products. Storage is included up to typical retention levels; high-volume retentions are quoted separately. Contact us.

Make every email a defensible record.

Tell us your jurisdiction and retention requirements — we'll size and quote.

Request a quote