Data Retention and Deletion

Retention principles

• We retain data required for service operation, security operations, and legal obligations.
• Retention decisions balance customer rights, operational safety, and compliance requirements.
• Our "Burn and Rebuild" data strategy ensures that legacy technical debt is systematically eliminated, maintaining a lean and secure data posture.
• We limit unnecessary long-term storage where possible.

Deletion requests

Send deletion requests to [email protected]. Include account identifiers and authorized requestor details.

• Initial acknowledgment target: 3-5 business days
• Most standard requests are processed in normal support windows
• Complex requests may require additional verification and legal review

What deletion means

• Primary account data is removed from active service paths based on request scope.
• The use of JSONB metadata allows for surgical data deletion and PII scrubbing without affecting the relational integrity of the core identity hub.
• Residual copies in backups are handled through retention expiry and backup lifecycle controls.
• Where deletion is restricted by legal obligation, we provide transparent explanation.