Principles
We retain personal data only as long as necessary for the purposes described in our Privacy Notice, to comply with law, and to protect the integrity and security of the Services. We prefer aggregation and anonymization where feasible.
Account identifiers
Typical period: While account is active; up to 24 months after closure for fraud/prevention/legal
Usage telemetry
Typical period: 6–18 months, aggregated/anonymized thereafter
Support tickets
Typical period: 24 months after resolution unless required longer
Billing records
Typical period: As required by tax/accounting law (typically 7 years)
Security logs
Typical period: 90–365 days depending on signal type and threat context
Exceptions
Retention periods may be extended where necessary to comply with legal obligations, resolve disputes, enforce agreements, or maintain security. Once data is no longer needed, we delete or anonymize it.