diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 09796ef543026ce947dd18c600f98617b9eb3f5d..86ce85c11d71b42c81ad8d4c06f1eb5275649e05 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -13,6 +13,7 @@
     ./packages.nix
     ./issuer.nix
     ./private-storage.nix
+    ./monitoring/policy.nix
     ./monitoring/vpn/client.nix
     ./monitoring/exporters/node.nix
     ./monitoring/exporters/tahoe.nix
diff --git a/nixos/modules/monitoring/exporters/promtail.nix b/nixos/modules/monitoring/exporters/promtail.nix
index d0a49971dda80c64e0c9f190f671c0a756c21b73..8c4080343efc1be0fad29bf58763bbd4c645edb7 100644
--- a/nixos/modules/monitoring/exporters/promtail.nix
+++ b/nixos/modules/monitoring/exporters/promtail.nix
@@ -11,6 +11,7 @@
 let
   cfg = config.services.private-storage.monitoring.exporters.promtail;
   hostName = config.networking.hostName;
+  logRetention = toString(config.services.private-storage.monitoring.policy.logRetentionSeconds) + "s";
 
 in {
   options.services.private-storage.monitoring.exporters.promtail = {
@@ -33,25 +34,18 @@ in {
     services.promtail.enable = true;
     networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 9080 ];
 
-    # Since we'll send our journald logs elsewhere, we don't need to keep them
-    # here for very long.  Keep them for a *little* while just to provide some
-    # context in case someone ends up looking at the logs on the system itself
-    # but generally suppose that people will look at Loki instead.
     services.journald.extraConfig = ''
       # This tells journald it can discard log files that contain only log
-      # entries that are older than 29 days.
-      MaxRetentionSec=29day
+      # entries older than...
+      MaxRetentionSec=${logRetention}
 
       # This tells journald to start a new log file once a day.  Together with
       # the MaxRetentionSec setting, this means that entries are kept for
-      # between 29 and 30 days (plus whatever scheduling slop journald has in
-      # enforcing these limits).
+      # up to a full day longer than MaxRetentionSec.
       #
       # https://www.freedesktop.org/software/systemd/man/journald.conf.html
       # for further details about these options.
       #
-      # A maximum retention of 30 days conforms to the published log retention
-      # policy.
       MaxFileSec=1day
     '';
 
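Review bot: The rewritten comment above `MaxRetentionSec` now trails off ("entries older than...") and no longer tells a reader of the generated journald.conf where the value comes from; it could end `# entries older than services.private-storage.monitoring.policy.logRetentionSeconds.`. The 30-day bound also only holds while `MaxFileSec=1day` matches the one-day margin built into the policy default, and that coupling is now split across two files. I would record it next to `MaxFileSec`, for example `# Keep at 1day: the policy default subtracts exactly one day to stay within the published 30-day limit.`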
diff --git a/nixos/modules/monitoring/policy.nix b/nixos/modules/monitoring/policy.nix
new file mode 100644
index 0000000000000000000000000000000000000000..514f1892bf2e807f8ece98d56bc630154f90bcd6
--- /dev/null
+++ b/nixos/modules/monitoring/policy.nix
@@ -0,0 +1,14 @@
+# Codify our log data retention policy
+#
+# A maximum retention of 30 days conforms to the published log retention policy,
+# see https://private.storage/privacy-policy/ .
+
+{ options, lib, ... }: {
+  options.services.private-storage.monitoring.policy = {
+    logRetentionSeconds = lib.mkOption {
+      type = lib.types.int;
+      description = "How long do we retain logs (seconds)";
+      default = 29 * (24 * 60 * 60);  # 29 days, to accomodate for the journald log rotation (1 day).
+    };
+  };
+}
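Review bot: `lib.types.int` on `logRetentionSeconds` accepts zero and negative values, and journald documents `MaxRetentionSec=0` as switching time-based retention off. A mis-set override would therefore keep logs past the published limit without any evaluation error. `type = lib.types.ints.positive;` rejects those values at build time. The description could also state the contract consumers rely on, e.g. `description = "Maximum age of retained logs, in seconds; consumers may keep entries up to one rotation period longer.";`.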
diff --git a/nixos/modules/monitoring/server/loki.nix b/nixos/modules/monitoring/server/loki.nix
index 491d1a4c5edd1100ea17c26bbe8e8799b9424582..f73720a5761ebdcbf3c47db9291ac76eb22ca1de 100644
--- a/nixos/modules/monitoring/server/loki.nix
+++ b/nixos/modules/monitoring/server/loki.nix
@@ -7,7 +7,11 @@
 #     https://grafana.com/docs/loki/latest/configuration/examples/#complete-local-configyaml
 #
 
-{
+{ config, ...}:
+let
+  logRetention = toString(config.services.private-storage.monitoring.policy.logRetentionSeconds) + "s";
+
+in {
   config.networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 3100 ];
 
   config.services.loki = {
@@ -61,7 +65,7 @@
 
         table_manager = {
           retention_deletes_enabled = true;
-          retention_period = "336h"; # two weeks
+          retention_period = logRetention;
         };
       };
   };
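Review bot: Replacing `"336h"` with the shared policy value lengthens central log retention from two weeks to the 29-day default, and the one-day margin in that default was sized for journald's rotation, not for Loki. As far as I know, Loki's table manager expects `retention_period` to be a multiple of the index table period and keeps one extra table alive, so actual retention can exceed the configured value by up to one period. The `period` setting is outside this hunk, so please confirm that it divides 29 days and that 29 days plus one period stays within the published 30-day limit. A comment on the line such as `# must be a multiple of the index period; Loki may keep up to one extra period` would record the constraint.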