Data Retention Policy
Last updated: January 3, 2026
Overview
This policy explains how long we retain different categories of data and the legal basis for each retention period. We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Our retention practices are designed to comply with GDPR, CCPA, UK GDPR, and the Australian Privacy Act.
Retention Periods by Data Category
| Data Category | Retention Period | Deletion Trigger | Legal Basis |
|---|---|---|---|
| Account Information | Account lifetime + 7 years | Account deletion + 7 years | Legal obligation (tax records) |
| Agent Execution Logs | 7-365 days (varies by plan) | Automatic based on subscription tier | Legitimate interests (debugging, support) |
| Email Processing Data | 30 days | Automatic | Contract performance |
| Indexed Knowledge | Configurable (default 2 years) | Per source configuration or customer request | Contract performance |
| Billing Records | 7 years | Account deletion + 7 years | Legal obligation (tax records) |
| Audit Logs (UK/EU) | 3 years | Automatic | Regulatory requirement (GDPR) |
| Audit Logs (Australia) | 2 years | Automatic | Regulatory requirement (Privacy Act) |
| Audit Logs (US) | 1 year | Automatic | Legitimate interests (compliance) |
| Support Tickets | 3 years | Automatic after ticket closure | Legitimate interests (support quality) |
| Marketing Consent Records | Until withdrawn | Customer request | Consent |
| Session Data | 24 hours | Automatic | Contract performance |
| Analytics Data | 26 months | Automatic | Legitimate interests (service improvement) |
Retention by Subscription Tier
Some retention periods vary based on your subscription tier:
| Tier | Agent Logs | Execution History | Knowledge Base |
|---|---|---|---|
| Basic | 7 days | 30 days | 6 months |
| Professional | 30 days | 90 days | 1 year |
| Pro Plus | 1 year | 1 year | 2 years |
Deletion Processes
Data is deleted through the following processes:
- Automatic Deletion: Data subject to automatic retention periods is deleted by scheduled jobs that run daily.
- Customer Request: Upon receiving a valid deletion request, we delete data within 30 days (GDPR) or 45 days (CCPA).
- Account Termination: When you terminate your account, all customer data is permanently deleted within 30 days, except data required for legal compliance.
- Backup Retention: Backups may retain deleted data for up to 30 additional days for disaster recovery purposes before being purged.
Exceptions to Deletion
We may retain data beyond the stated retention periods in the following circumstances:
- Legal Holds: When we are required to preserve data due to litigation, government investigation, or other legal requirements.
- Tax and Accounting: Financial records required for tax compliance (typically 7 years).
- Fraud Prevention: Data necessary to prevent fraud or enforce our terms of service.
- Anonymized Data: Data that has been fully anonymized is no longer considered personal data and may be retained indefinitely for analytics.
Data Export Before Deletion
Before account termination or upon request, you may export your data in the following formats:
- JSON: Machine-readable format for technical users
- CSV: Spreadsheet-compatible format for business users
To request a data export, contact us at privacy@outermind.ai.
Third-Party Data Retention
Our sub-processors have their own data retention policies:
- Microsoft Azure: Data deleted upon our request per our DPA
- Stripe: Payment data retained per PCI-DSS requirements
- Azure OpenAI: No data retention (zero data retention policy)
See our Sub-Processors page for the complete list.
Policy Updates
We may update this policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through the Outermind dashboard or via email at least 30 days before they take effect.
Contact Us
For questions about our data retention practices, contact us at privacy@outermind.ai.