Data Retention Policy
Last updated: May 19, 2026
We retain personal data only for as long as we need it to provide the service or to meet a legal obligation. The table below sets the maximum retention window for each data category.
| Category | Retention window | Trigger |
|---|---|---|
| Account record (email, profile) | Until account deletion | User-initiated delete from Settings |
| Document Vault files | Until file or account deletion | User-initiated delete; encrypted at rest while retained |
| Checklist progress, feedback | Until account deletion | Cascading delete with account |
| Session cookies | 365 days (rolling) | Inactivity / explicit logout |
| Password reset tokens | 60 minutes | Use or expiry; whichever first |
| Email verification PINs | 15 minutes | Use or expiry; whichever first |
| Login throttle records (IP + timestamp) | 24 hours | Pruned by scheduled cleanup |
| Security audit log | 24 months | Rolling delete; user id nulled when account deleted |
| Application logs (Replit infra) | 30 days | Hosting provider default |
| Payment records (subscription ID linkage) | 7 years | Required for tax / accounting |
Deletion mechanics
When you delete your account from Settings โ Delete account: every vault file is removed from object storage; rows in users, user_checklist_progress, feedback, documents, email_verification_pins, and password_reset_tokens are removed (cascade); audit log rows are retained with the user id set to NULL so the security record stays intact without re-identifying you.
Backups
Database backups are taken daily and retained for 14 days. Deleted records will age out of backups within that window.
Questions about this policy? Email privacy@navira.life.