Skip to main content

Data Retention Policy

Retention Philosophy

Data is retained only as long as operationally necessary. Inactive user data may be deleted.

Retention Principles

Operational Necessity

We retain data only as long as needed to:

  • Provide our services effectively
  • Comply with legal and regulatory requirements
  • Resolve disputes and protect legal interests
  • Maintain service security and performance

User Control

Users have the right to:

  • Request deletion of their data at any time
  • Control retention through account settings
  • Export data before deletion
  • Understand retention periods for different data types

Data Categories and Retention Periods

Account Data

Active Accounts

  • Retention Period: While account is active
  • Data Types: Profile information, preferences, settings
  • Deletion Trigger: Account deletion or 12 months of inactivity

Inactive Accounts

  • Retention Period: 12 months of inactivity
  • Notification: Users notified before deletion
  • Grace Period: 30 days to reactivate account
  • Final Deletion: Complete data removal after grace period

Service Usage Data

Active Usage Data

  • Retention Period: Current user session and 90 days history
  • Data Types: Task completion, progress tracking, usage patterns
  • Purpose: Service improvement and user experience
  • Deletion: Automatic deletion after retention period

Analytics Data

  • Retention Period: Aggregated data retained indefinitely, individual data for 2 years
  • Data Types: Anonymous usage statistics, performance metrics
  • Purpose: Product development and service optimization
  • Privacy: All data anonymized and aggregated

Technical Data

System Logs

  • Retention Period: 90 days for security logs, 30 days for general logs
  • Data Types: Access logs, error logs, performance data
  • Purpose: Security monitoring and troubleshooting
  • Security: Logs are essential for security monitoring

Backup Data

  • Retention Period: 30 days for operational backups
  • Data Types: Encrypted backups of user data
  • Purpose: Disaster recovery and data protection
  • Deletion: Automatic rotation and deletion of old backups

Communication Data

Support Communications

  • Retention Period: 2 years from last interaction
  • Data Types: Support tickets, email correspondence
  • Purpose: Customer service and dispute resolution
  • Deletion: Automatic deletion after retention period

Marketing Communications

  • Retention Period: Until user unsubscribes or 2 years of inactivity
  • Data Types: Email preferences, subscription status
  • Purpose: Marketing communications and notifications
  • Deletion: Immediate upon unsubscribe request

Inactive User Data Handling

Inactivity Definition

An account is considered inactive if:

  • No login for 12 consecutive months
  • No app usage for 12 consecutive months
  • No communication with support team
  • No billing activity (if applicable)

Inactive Account Process

  1. Warning Notification: Email sent 60 days before potential deletion
  2. Final Warning: Email sent 30 days before deletion
  3. Grace Period: 30 days to reactivate after final warning
  4. Data Deletion: Complete removal if no reactivation

Reactivation Process

Users can reactivate by:

  • Logging into their account
  • Contacting customer support
  • Using the reactivation link in warning emails
  • Providing updated contact information

Regulatory Requirements

Certain data may be retained longer for legal compliance:

  • Tax Records: 7 years for financial compliance
  • Legal Holds: Indefinite for active legal disputes
  • Security Logs: 1 year for security compliance
  • Audit Records: 3 years for financial audits

Law Enforcement Requests

  • Legal process required for data disclosure
  • Users notified of requests (where legally permitted)
  • Minimal data provided as required by law
  • Compliance with applicable privacy laws

Data Deletion Procedures

Secure Deletion

All deleted data is securely removed using:

  • Multiple overwrites for critical data
  • Cryptographic erasure for encrypted data
  • Certified deletion for compliance requirements
  • Documentation of deletion procedures

Deletion Verification

  • Regular audits of deletion procedures
  • Automated verification of complete removal
  • Documentation of deletion activities
  • User confirmation of data removal

User Rights

Access Rights

Users can request information about:

  • What data is retained and for how long
  • Why certain data is retained
  • How deletion requests are processed
  • Any exceptions to standard retention periods

Deletion Rights

Users have the right to:

  • Request immediate deletion of their data
  • Export data before deletion
  • Object to certain retention practices
  • Receive confirmation of deletion completion

Updates to This Policy

Policy Changes

This data retention policy may be updated to:

  • Comply with new legal requirements
  • Reflect changes in business practices
  • Improve data protection measures
  • Provide clearer user guidance

Notification Process

Significant changes will be communicated through:

  • Email notification to affected users
  • In-app notifications
  • Updated policy version dates
  • Public website announcements

Contact Information

Data Retention Questions

For questions about data retention:

Deletion Requests

To request data deletion:

  • Email: privacy@mavarosystems.com
  • Subject Line: "Data Deletion Request"
  • Account Required: Must include account verification
  • Timeline: Deletion completed within 30 days

Document Classification: Internal Privacy Policy Access Level: Privacy/Legal/HR Last Updated: November 26, 2025