Last updated: May 15, 2026
Data Retention Schedule
This Schedule sets out the periods for which Revsnap retains personal and customer data processed in connection with the service. It supports the Privacy Policy and DPA.
| Data category | Active retention | Post-termination | Legal basis |
|---|---|---|---|
| Account / identity (user records, workspace membership) | Lifetime of account | 90 days after closure (restorable on request), then deleted | Performance of contract |
| Authentication artefacts (sessions, API key hashes) | Lifetime of relevant session / key | Deleted on revocation or account closure | Performance of contract |
| Salesforce OAuth tokens (Vault) | Until customer disconnects org | Deleted within 30 days | Performance of contract |
| Snapshots (Storage objects and DB rows) | Customer-controlled | 30 days after subscription end, then deleted | Performance of contract |
| Test run metadata / results | Customer-controlled | 30 days after subscription end, then deleted | Performance of contract |
| Billing records, invoices | Lifetime of subscription | 6 years from end of accounting period | UK statutory accounting requirements (HMRC); equivalent under other regimes |
| Audit log (workspace_audit_log) | 12 months online | Up to 24 additional months in cold storage if required for regulator or security response | Legitimate interests (security, regulator response) |
| Product analytics (PostHog, consent-gated) | Up to 12 months | Deleted on subscription end or consent withdrawal | Consent |
| Server / application logs | 30 days | Deleted | Legitimate interests (security, debugging) |
| Sub-processor records | Lifetime of relationship | 3 years after end of relationship | Legitimate interests (audit defence) |
| Marketing communications opt-in records | Until withdrawn | 3 years after withdrawal | Demonstrating consent (PECR) |
| Security incident records | 6 years | n/a | Defence of legal claims, regulator response |
Deletion procedure
- Active deletion uses the Service’s normal deletion paths (UI, API, or DSR runbook for authenticated requests).
- Residual copies in Supabase platform PITR and backup archives are overwritten in the normal course of platform backup retention. While retained, they continue to be protected by our security controls and the DPA.
- Account closure is final after the 90-day grace period.
Customer-initiated overrides
Customers may request shorter retention via Enterprise Order Form terms; we will accommodate where technically feasible and not in conflict with statutory retention.