Data retention policies
Retention defines how long Dailybot keeps categories of data while your account is active, after you delete content, and after an org closes. Exact periods can depend on your plan, region, and legal obligations — confirm against the Privacy Policy and any DPA you signed. The table below is a practical summary for admins.
Retention summary
| Data type | Typical retention while account is active | After deletion / org closure |
|---|---|---|
| Account profile (name, email, org membership) | Retained while the account exists | Removed or anonymized after closure, subject to legal holds |
| Check-in responses and workflow content | Retained until deleted by user/admin or org policy | Purged or anonymized per product schedule after deletion request or org deletion |
| Chat platform IDs and channel mappings | Retained while integration is connected | Removed when integration disconnects or org is deleted |
| Billing and invoice records | Retained for accounting and tax requirements | Retained for legally required period (often multiple years) |
| Security and audit logs | Rolling window for detection and forensics | Shortened retention after incident resolution; some logs kept longer if required |
| API keys and webhook secrets | Retained until you rotate or revoke | Deleted when keys are revoked or org is removed |
| Backups | Included in backup cycles for disaster recovery | Age out of backups after primary data is deleted (may add weeks) |
What happens when retention expires
When a retention period ends, data is deleted, aggregated, or anonymized so it no longer identifies individuals, unless a legal hold or abuse investigation requires a longer store. Aggregated analytics may survive without personal identifiers.
For individual rights requests, use Requesting data deletion. For regulatory questions, see GDPR compliance and your rights.