From the Dashboard, after logging into SecurityGateway with a global administrator account:
You will then see a number of options related to how long SecurityGateway will retain information regarding the database, SMTP sessions, and messages sent to and from the server.
Note: Any database-record pruning enabled here will be done at midnight after the specified number of days.