Legal & Compliance
Data Retention & Deletion Policy
This policy describes how SuperSend handles the retention and deletion of personal and business data. SuperSend complies with GDPR Article 5(1)(e), CCPA, and other applicable data protection regulations.
Version: v2025-10
Last Updated: October 20, 2025
1. Data Retention Principles
- •Purpose LimitationData is retained only as long as necessary for the provision of services or to fulfill contractual or legal obligations.
- •MinimizationTemporary and unnecessary data is deleted or anonymized automatically according to predefined schedules.
- •SecurityAll retained data is encrypted at rest (AES-256) and in transit (TLS 1.3).
2. Retention Periods
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Customer account data | Active subscription + 12 months | Full deletion upon account closure |
| Campaign and contact data | Until deleted by customer or 12 months after inactivity | Secure deletion via PostgreSQL purge and encrypted backup expiry |
| Exports and reports | 7 days | Automatic removal from AWS S3 |
| LinkedIn screenshots and debug data | 30 days | Automated cleanup job |
| Application and audit logs | 12 months | Log rotation and overwrite |
| Backups | 30-day rolling window | Encrypted deletion after expiry |
3. Data Deletion Process
- •Users can delete data directly via the SuperSend interface or API. Deletion requests are processed immediately.
- •Deletion cascades through all dependent systems, including Redis caches and backups, ensuring complete removal.
- •Confirmed deletions are logged for audit purposes and are irreversible after 30 days.
4. Customer Control
Customers have full control over their stored data and can request complete deletion by contacting dpo@supersend.io. Requests are completed within 30 days.
Last Updated Oct 20 2025 — GDPR Compliance v2025-10
Ready to Scale Your Outreach?
Join thousands of teams using SuperSend to transform their cold email campaigns and drive more revenue.