Data Retention & Deletion
Concrete retention periods for Customer data — no vague 'as long as needed' language.
Last updated: June 23, 2026
Overview
Inventifornia retains Customer data only as long as necessary to provide the Service, meet legal obligations, and support audit accountability. This schedule applies unless a signed agreement specifies otherwise.
Retention schedule
| Data category | Retention period | Notes |
|---|---|---|
| Active account — Input Data & configuration | Retained while subscription is active | Customer may export via CSV at any time (permission-gated) |
| Active account — staff Personal Information | Retained while user account exists | Name, work email, role, audit attribution |
| Audit trail | Life of account + 7 years after termination | Append-only operational logs; supports government accountability requirements |
| Post-termination — export window | 30 days after subscription ends | Read-only access for export if account not deleted sooner by Customer |
| Post-termination — production deletion | Within 90 days after termination | Input Data and user accounts removed from active D1 database |
| Backups | Rolling 30 days | Encrypted backups may retain deleted data until rotation; see Backup & Restore |
| Billing records | 7 years | Stripe retains payment records per PCI and tax requirements |
| Aggregated analytics | Indefinite (anonymized) | No Customer or individual identification |
Customer-initiated deletion
Organization administrators may delete inventory records, disable users, and request full tenant deletion by contacting support. Tenant deletion follows the post-termination schedule above.
Legal hold
Inventifornia may retain data beyond standard periods when required by law, litigation hold, or government investigation. Affected Customers will be notified when legally permitted.
Trust CenterTerms & ConditionsPrivacy PolicyCookie PolicyAcceptable Use PolicyOperational Data BoundaryData Processing Addendum