Data Archival and Removal Policy

Effective Date: 2025/01/01
Last Updated: 2025/01/01

The purpose of this Data Archival and Removal Policy is to define how and when user data will be archived or removed from our systems.

1. Archival of Inactive Data

In cases where user accounts become inactive for [12 months] or more, data may be archived to a separate storage system before being permanently deleted. This ensures compliance with legal requirements or business needs for retaining historical records.

• Archived Data: When archived, user data will be stored in a secure, read-only format, making it inaccessible for normal operations. This data will remain stored until further deletion is necessary or requested by the user.

2. Permanent Data Removal

Once the archival period has passed, user data will be permanently deleted from all our systems, including:

• Supabase databases: All personal data (e.g., profile, logs) stored in Supabase will be permanently deleted.

• Auth0: User authentication information, such as login credentials and tokens, will be erased from Auth0’s user database.

• Vercel: Any logs related to the user will be permanently removed from Vercel's logging system.

Upon permanent deletion, there will be no way to recover the data, so users are encouraged to back up any critical information before requesting deletion.

3. Backup and Redundancy

In case of system failures or other operational issues, data backups will be kept and stored securely for 12 months. Backups will be treated the same as the original data and will be subject to the same retention, archival, and removal policies.