Data Retention Policy
Data Retention Policy – Freeck
Last updated: 2025-02-10
This document defines how long different categories of data are retained, in accordance with GDPR Art. 5(1)(e).
1. Purpose
Ensure minimal retention and automatic deletion of data that is no longer needed.
2. Retention Table
| Data Type | Description | Storage | Retention | Deletion Method |
|---|---|---|---|---|
| User Account | Email + UID | Firebase Auth | Until account deletion | Firebase automatic |
| User Metadata | Optional profile fields | Firestore | Until deletion request | Manual/script |
| Event Authorizations | Signed tokens | Firestore | Event end + 30 days | Cleanup script |
| Offline Pending Data | Local SQLite | Device | Until sync OR 24h max | Auto-delete in app |
| Analytics | Usage data (non-identifiable) | Firebase Analytics | 14 months | Automatic |
| Crash Logs | Error diagnostic | Crashlytics | 90 days | Automatic |
| Support Emails | User support communications | 12 months | Manual |
3. Retention Principles
- Store data only as long as needed
- Offline data must be short-lived
- Event data must be purged after completion
- Users may request earlier deletion of their account/data
4. Deletion Triggers
- Successful synchronization (offline data)
- Event completion (authorizations)
- Account deletion request
- Automated retention window expiry (scheduled tasks)
5. Review Cycle
This policy must be reviewed every 12 months or after major feature changes.