This policy describes how long we retain different types of personal data. It complements our Privacy Policy.
Last updated: 2026-04-29
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Audit Logs | 365 days | Legitimate interest - Security monitoring |
| Login Attempts | 90 days | Legitimate interest - Fraud prevention |
| Session Data | 30 days | Contract performance |
| Data Type | Retention Period | Note |
|---|---|---|
| Deleted Accounts | 30 days | Recovery period before permanent deletion |
| GDPR Data Exports | 30 days | Temporary storage for download |
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Invoices & Payments | 10 years | Legal obligation - Tax regulations |
Coaching notes, mood check-ins, and wellness data are retained as long as your account is active. This data is deleted when you delete your account or request deletion under Art. 17 GDPR.
Encrypted backups are retained for 7 days to ensure business continuity and disaster recovery.
You can request deletion of your data at any time using our GDPR Request Form. Note that certain data must be retained longer due to legal retention requirements.
For questions about this policy, please contact info@bold-bloom.com.