Data Retention Policy
This document outlines Admin's data retention policies, including how long different types of data are stored, when it is automatically deleted, and what controls you have over your data lifecycle.
01 - Overview & Purpose
At Admin, we are committed to handling your data responsibly and transparently. This Data Retention Policy explains how we manage the lifecycle of data processed through our platform, from collection and storage to eventual deletion or archiving.
Our data retention practices are designed to balance operational needs with privacy obligations. We only retain data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Key Principle
All personal and business data processed through Admin is subject to strict retention limits. No data is retained indefinitely without a defined business or legal justification.
Guiding Principles
- Data Minimization: We only collect and retain data that is strictly necessary for the services provided.
- Defined Retention Periods: Every category of data has a specific, documented retention period.
- Secure Disposal: When data reaches the end of its retention period, it is securely and irreversibly deleted.
- Customer Control: You have tools to view, export, and request deletion of your data at any time.
- Regulatory Alignment: Our retention periods comply with GDPR, CCPA, SOX, HIPAA, and other applicable regulations.
02 - Scope & Applicability
This policy applies to all data processed through Admin's platform, including but not limited to:
- Data submitted by users through the Admin dashboard and APIs
- System-generated logs, analytics, and metadata
- Communication records (support tickets, in-app messages)
- Billing and payment information
- Integration data from connected third-party services
- Backup and disaster recovery copies
Enterprise & Custom Agreements
Enterprise customers may have modified retention terms outlined in their specific Service Level Agreements (SLAs). In the event of a conflict, the terms of the signed contract take precedence.
This policy is binding on Admin, its employees, contractors, and all authorized service providers who process data on our behalf. It applies across all geographic regions where Admin operates.
03 - Data Categories & Retention Periods
The following table outlines the standard retention periods for each category of data processed through Admin's platform. Retention periods begin from the date the data is first created or collected.
| Data Category | Retention Period | Disposition |
|---|---|---|
| User Account Data: Profile info, preferences, settings | Duration of active account + 30 days | Auto-delete |
| Authentication Logs: Login attempts, 2FA events | 90 days | Auto-delete |
| Application Data: Records, documents, workflows created by user | Indefinite (customer-controlled) | Permanent |
| Audit Logs: System activity, access logs, changes | 1 year | Auto-delete |
| Support Communications: Tickets, emails, chat transcripts | 2 years after resolution | Limited |
| Billing Records: Invoices, payment transactions | 7 years | Limited |
| Analytics & Usage Data: Aggregated platform usage metrics | 2 years (aggregated form) | Limited |
| API Request Logs: Request/response metadata | 30 days | Auto-delete |
| Crash & Error Reports: Debug data, stack traces | 90 days | Auto-delete |
| Marketing & Communications: Email preferences, consent records | Until consent withdrawn + 1 year | Limited |
| Deleted Content (Trash): Content moved to recycle bin | 30 days | Auto-delete |
| Session Data: Browser sessions, temporary tokens | 24 hours | Auto-delete |
Extended Retention Options
Enterprise customers can request extended retention periods for specific data categories through the Admin Console under Settings → Data Management → Retention Controls. Extended retention is available for audit logs, application data, and API logs.
04 - Storage & Security Measures
Admin employs a defense-in-depth approach to protect stored data throughout its entire lifecycle. All retention-compliant data is subject to the following security controls:
Encryption
- At Rest: All data is encrypted using AES-256 encryption with customer-managed or Admin-managed encryption keys, depending on your plan tier.
- In Transit: All data transmissions are protected using TLS 1.3 with HSTS enforcement.
- Tokenization: Payment card data is tokenized and never stored on Admin's primary systems.
Access Controls
- Role-Based Access: Strict RBAC policies ensure only authorized personnel can access customer data.
- Multi-Factor Authentication: Required for all administrative access to production systems.
- Just-in-Time Access: Temporary, time-limited access for maintenance operations.
- Automated Monitoring: Real-time monitoring and alerting for unauthorized access attempts.
Data Residency
Admin operates data centers in the United States (Virginia, Oregon), the European Union (Frankfurt, Amsterdam), and Asia-Pacific (Singapore, Tokyo). Customers on Professional and Enterprise plans can select their data residency region. Data does not leave the selected region under normal operations.
05 - Data Deletion Process
When data reaches the end of its retention period, Admin executes a secure, verifiable deletion process. The process differs based on data category and storage type.
Logical Deletion
For most data categories, Admin performs a logical deletion, which means the data is immediately removed from active systems and marked as destroyed in our tracking database. The data becomes unrecoverable through normal system operations.
Physical / Cryptographic Erasure
For sensitive data categories and backup copies, Admin implements one of the following methods:
- Cryptographic Erasure: Encryption keys are securely destroyed, rendering the encrypted data permanently unreadable.
- Overwriting: Storage media is overwritten using industry-standard methods (DoD 5220.22-M for magnetic media, Block Erase for SSDs).
- Physical Destruction: End-of-life storage devices are physically destroyed via degaussing or shredding by certified vendors.
Deletion Verification
Every deletion event is logged in our immutable audit trail. Enterprise customers receive deletion confirmation reports via the Admin Console API and can request Certificate of Destruction documents.
Deletion Processing Time
While logical deletion is immediate, complete propagation across all backup and replication systems may take up to 30 days. During this window, deleted data may exist in isolated backup copies but is marked as destroyed and inaccessible.
06 - Customer Controls & Requests
Admin provides customers with comprehensive tools to manage their data retention and exercise control over their information.
Self-Service Controls
- Data Export: Export your data in standard formats (JSON, CSV, XML) via the Admin Console or API.
- Retention Configuration: Professional and Enterprise plans allow custom retention rules per data category.
- Auto-Delete Scheduling: Set automatic deletion schedules for temporary data categories.
- Data Inventory: View a complete inventory of all data stored in your Admin workspace.
Data Subject Requests
Individuals whose personal data is processed through Admin can submit requests for:
- Access: Request a copy of all personal data Admin holds about you.
- Correction: Request correction of inaccurate personal data.
- Erasure: Request deletion of personal data (subject to legal retention obligations).
- Portability: Request personal data in a machine-readable format.
- Restriction: Request temporary suspension of processing.
Data subject requests can be submitted through the Admin Console under Settings → Privacy → Submit Request or by emailing dpo@admin.com. Admin will respond within 30 days, or 45 days for complex requests.
07 - Legal & Regulatory Obligations
Admin's retention periods are designed to comply with the following regulatory frameworks. Where legal obligations require longer retention than standard policy, the legally required period takes precedence.
GDPR (General Data Protection Regulation)
For EU residents, Admin complies with GDPR retention principles under Article 5(1)(e), "storage limitation." Personal data is kept only as long as necessary for the stated purpose. Data subjects have the right to erasure under Article 17, subject to legitimate business and legal exceptions.
CCPA / CPRA (California Consumer Privacy Act)
California residents have the right to know what personal data is collected, request deletion, and opt out of the sale of their personal information. Admin provides dedicated tools for California residents to exercise these rights.
SOC 2 Type II
Admin maintains SOC 2 Type II certification, with retention controls verified annually by independent auditors. Audit logs are retained for a minimum of 1 year to meet SOC 2 monitoring requirements.
Tax & Financial Regulations
Billing and payment records are retained for a minimum of 7 years to comply with IRS requirements (United States) and equivalent tax authority regulations in other jurisdictions.
Legal Hold
If Admin is subject to a legal hold, court order, or litigation request, affected data will be preserved beyond standard retention periods regardless of category. Customers will be notified when a legal hold affects their data, to the extent legally permitted.
08 - Backup & Disaster Recovery
Admin maintains robust backup and disaster recovery procedures to ensure data availability and business continuity. Backup retention is separate from primary data retention and follows its own schedule.
Backup Schedule
- Incremental Backups: Every 6 hours across all plan tiers.
- Full Backups: Daily, encrypted, and stored in a geographically separate region.
- Long-Term Retention Backups: Monthly archives retained for 1 year (Professional/Enterprise only).
Disaster Recovery Objectives
| Metric | Professional Plan | Enterprise Plan |
|---|---|---|
| Recovery Time Objective (RTO) | 4 hours | 1 hour |
| Recovery Point Objective (RPO) | 6 hours | 1 hour |
| Backup Redundancy | 2 regions | 3 regions + offline archive |
| Failover Testing | Semi-annual | Quarterly |
Backups are encrypted using the same keys as primary data. When primary data is deleted, corresponding backup copies are marked for destruction during the next backup rotation cycle (maximum 30 days). Enterprise customers with immediate backup deletion enabled will have backup copies removed within 24 hours of primary data deletion.
09 - GDPR Right to Erasure
Admin supports the GDPR right to erasure (Article 17) for all EU and UK residents. When a valid erasure request is received, Admin will:
- Verify the identity of the requester to prevent unauthorized deletion.
- Identify all personal data across Admin's systems associated with the data subject.
- Remove the data from active systems within 24 hours of verification.
- Propagate deletion to backup systems within 30 days.
- Notify any third-party integrations that may hold copies of the data.
- Send a deletion confirmation email to the data subject.
Exceptions to the right to erasure include data required for:
- Compliance with legal obligations (e.g., tax records, fraud prevention)
- Establishment, exercise, or defense of legal claims
- Public interest tasks in the area of public health
- Archiving purposes in the public interest, scientific or historical research
If an exception applies, Admin will inform the data subject of the reason and retain only the minimum data necessary for the specified purpose.
10 - Contact & Questions
If you have questions about this Data Retention Policy, need to submit a data request, or require clarification on Admin's data handling practices, please reach out through the following channels:
| Channel | Contact | Response Time |
|---|---|---|
| Data Protection Officer | dpo@admin.com | Within 5 business days |
| General Inquiries | privacy@admin.com | Within 3 business days |
| Support Portal | support.admin.com | Within 24 hours |
| Enterprise Account Manager | Assigned per account | Within 4 business hours |
| Legal / Compliance | legal@admin.com | Within 5 business days |
For urgent data security or privacy concerns, please contact our Security Team directly at security@admin.com or via the Incident Reporting Form.