Data Retention & Deletion Policy
Version: v2025-10
Last Updated: October 20, 2025
This Data Retention and Deletion Policy describes how SuperSend retains, stores, and deletes personal and business data processed through its platform. The policy complies with GDPR Article 5(1)(e), CCPA, and other applicable data protection regulations.
1. Data Retention Principles
- Purpose Limitation: Data is retained only as long as necessary to deliver services or fulfill contractual and legal obligations.
- Minimization: Temporary and unnecessary data is deleted or anonymized automatically.
- Security: All retained data is encrypted at rest (AES-256) and in transit (TLS 1.3).
2. Retention Periods
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Customer account data | Active subscription + 12 months | Full deletion upon account closure |
| Campaign and contact data | Until deleted by customer or 12 months after inactivity | Secure deletion via PostgreSQL purge and encrypted backup expiry |
| Exports and reports | 7 days | Automatic removal from AWS S3 |
| LinkedIn screenshots and debug data | 30 days | Automated cleanup job |
| Application and audit logs | 12 months | Log rotation and overwrite |
| Backups | 30-day rolling window | Encrypted deletion after expiry |
3. Data Deletion Process
- Users can delete data directly via the SuperSend interface or API.
- Deletion cascades through all dependent systems, including Redis caches and backups.
- Confirmed deletions are logged for audit purposes and irreversible after 30 days.
4. Customer Control
Customers have full control over their stored data and may request complete deletion at any time by contacting dpo@supersend.io. Requests are completed within 30 days.
_Last Updated Oct 20 2025 — GDPR Compliance v2025-10_
Ready to Build Your Outbound Engine?
