CookieBeam

Data Retention & Deletion Policy

Transparent information about how long we keep your data and our deletion procedures

Policy Overview
Last updated: October 19, 2025

This policy outlines our data retention practices in compliance with GDPR Article 5(1)(e) (storage limitation principle), UK GDPR, and CCPA requirements. We retain personal data only as long as necessary for the purposes for which it was collected.

Automated Deletion

Most data categories are automatically deleted when retention periods expire

Secure Deletion

Multi-stage deletion process ensures data is completely unrecoverable

Regular Reviews

Retention periods are reviewed annually and updated as needed

Data Retention by Category

Account Information
Basic user account data including name, email, and company details
Auto-Delete
User Deletable

Data Examples

Name
Email address
Company name
Job title
Account preferences

Legal Basis

Contract performance, Legitimate interests

Primary Retention:3 years after account closure
Backup Retention:30 days after primary deletion
Anonymization:6 months after account closure
Billing & Payment Data
Payment information, billing history, and invoices
Auto-Delete

Data Examples

Billing address
Payment history
Invoices
Subscription details
Transaction IDs

Legal Basis

Legal obligation (tax law)

Primary Retention:7 years
Backup Retention:90 days after primary deletion
Anonymization:7 years and 6 months
Usage Analytics
Website usage data, feature analytics, and performance metrics
Auto-Delete
User Deletable

Data Examples

Page views
Feature usage
Session duration
Click patterns
Error logs

Legal Basis

Legitimate interests

Primary Retention:2 years
Backup Retention:30 days after primary deletion
Anonymization:1 month
Consent Records
Cookie consent choices and privacy preference history
Auto-Delete

Data Examples

Consent timestamps
Cookie categories accepted
IP addresses
User agent strings

Legal Basis

Legal obligation (GDPR compliance)

Primary Retention:3 years
Backup Retention:90 days after primary deletion
Support Communications
Customer support tickets, emails, and chat logs
Auto-Delete
User Deletable

Data Examples

Support tickets
Email correspondence
Chat transcripts
Feedback forms

Legal Basis

Legitimate interests

Primary Retention:2 years
Backup Retention:60 days after primary deletion
Anonymization:6 months after resolution
Marketing Data
Marketing communications preferences and campaign data
Auto-Delete
User Deletable

Data Examples

Email preferences
Campaign interactions
Newsletter subscriptions
Marketing consent

Legal Basis

Consent

Primary Retention:2 years after consent withdrawal
Backup Retention:30 days after primary deletion
Anonymization:Immediate after consent withdrawal
Security Logs
Authentication logs, security events, and access records
Auto-Delete

Data Examples

Login attempts
IP addresses
Failed authentications
Security alerts

Legal Basis

Legitimate interests (security)

Primary Retention:1 year
Backup Retention:90 days after primary deletion

Deletion Process

1

Soft Deletion

Immediate

Data is marked as deleted but remains recoverable

Access: No user access, admin recoverable

2

Hard Deletion

30 days after soft deletion

Data is permanently removed from primary systems

Access: Not recoverable from primary systems

3

Backup Purging

30-90 days after hard deletion

Data is removed from all backup systems

Access: Completely unrecoverable

4

Anonymization

After backup purging

Any remaining references are anonymized

Access: No longer considered personal data

Your Rights Regarding Data Retention

Request Deletion

You can request deletion of your personal data at any time, subject to legal requirements.

  • Account data can be deleted immediately
  • Billing data must be retained for 7 years (legal requirement)
  • Consent records must be retained for 3 years (GDPR compliance)
  • Some data may be anonymized instead of deleted
Retention Extensions

In some cases, we may need to extend retention periods:

  • Active legal proceedings
  • Ongoing regulatory investigations
  • Suspected fraud or security incidents
  • User requests for account recovery
Technical Implementation
How we ensure reliable and secure data deletion

Automated Systems

  • Daily automated deletion jobs
  • Retention period monitoring
  • Deletion confirmation logging
  • Compliance reporting dashboard

Security Measures

  • Cryptographic deletion for encrypted data
  • Multi-pass overwriting for sensitive data
  • Deletion verification and auditing
  • Regular compliance assessments