Data Retention and Deletion Policy
Last updated: June 29, 2026
Effective date: June 27, 2026 · Version 1.0
How long ScaleIQ keeps data and how we delete it.
This Policy explains how long ScaleIQ retains data and how we delete it. It is part of our DPA and Privacy Notice.
Principles
- Purpose limitation — we retain data only as long as needed for the purpose it was collected.
- Customer control — for Customer Data, customers configure retention via in-app settings or contractual instructions; we follow those instructions.
- Legal holds — when required, we suspend deletion until the hold is lifted.
Retention schedule
| Data category | Active retention | After deletion / termination |
|---|---|---|
| Customer Data (tenant metadata, assessment results, findings) | For the subscription term, per customer configuration | Available for export for 30 days; deleted from production within 30 days; purged from backups within 90 days |
| Account & user profile data | For the life of the account | Deleted within 90 days of account closure, except where retention is required by law |
| Audit logs | 13 months by default; configurable up to 7 years on enterprise plans | Deleted at the end of the retention window |
| Application logs & telemetry | 30 days full; 13 months aggregated | Rolling deletion |
| Backups | 35-day rolling window | Rolling deletion |
| Billing & tax records | 7 years (US) / per local law | Retained for legal compliance |
How deletion works
Deletion runs through automated jobs that mark records inactive in primary storage (Azure SQL), then irrecoverably remove them within the windows above. Backups follow the rolling-window schedule and are encrypted at rest; restored data inherits the original deletion state.
Customer-initiated deletion
Authorized administrators can delete records and workspaces in-app or request bulk deletion via privacy@scale-iq.ai. Confirmation can be provided on request. Revoking tenant consent through the offboarding workflow stops processing and triggers deletion per this schedule.