Data retention and deletion

Retention timelines are consistent across billing, automated jobs, and this documentation.

Cancelled workspaces

• Grace period: Until end of current billing period; full access continues
• Access ends: At grace period end; account closed; deletion schedule begins
• 60 days after access ends: Personal data anonymised (soft delete)
• 90 days after access ends: Permanent deletion (hard delete)

Other data categories

• Audit logs: Retained 2 years, then purged automatically
• Cookie consent records: 1 year
• Privacy requests: 3 years after completion (compliance evidence)
• Billing records: Retained as required by tax law (typically 6–7 years)
• Backups: Supabase encrypted PITR; rolling schedule independent of application lifecycle

Self-service deletion

Delete your account from Profile → Security. Workspace admins can delete workspaces from Workspace Settings. See Your privacy rights for DSAR options.