Lensym← Back home

Data Retention

How long we keep data

Data Retention Policy

Our comprehensive policy on how long we retain different types of data and the principles that guide our retention decisions.

Last updated: September 14, 2024
Version 1.2

Retention Principles

The core principles that guide our data retention decisions

Our data retention policy is built on the principle of data minimization: we only keep data for as long as necessary to provide our services, comply with legal obligations, or protect our legitimate interests.

Purpose Limitation

We only retain data for the specific purposes for which it was collected, and delete it when those purposes are fulfilled.

User Control

You have full control over your data retention periods and can delete your data at any time through your account settings.

Legal Compliance

We comply with all applicable data retention laws and regulations, including GDPR and Dutch privacy law.

Secure Deletion

When data reaches its retention limit, it is securely and permanently deleted from all our systems and backups.

Retention Periods by Data Type

Specific retention periods for different categories of data

Account and Profile Data

Account information (email, name)

Required for account functionality

Until account deletion
Authentication data

Passwords, passkeys, MFA settings

Until account deletion
Profile preferences

UI settings, notifications, etc.

Until account deletion

Survey Content and Responses

Survey questions and content

Surveys you create

User controlled
Survey responses

Data collected from respondents

User controlled
Survey analytics

Aggregated response data

User controlled

Note: You have complete control over survey data retention. Data is kept until you explicitly delete it or close your account.

Technical and Security Data

Access logs

Login times, IP addresses

90 days
Error logs

Technical debugging information

30 days
Security monitoring data

Threat detection, anomaly detection

180 days
Performance metrics

Anonymous usage statistics

1 year

Billing and Payment Data

Payment information

Credit card data (tokenized via Stripe)

Until card expires or removed
Invoice records

Billing history and receipts

7 years (tax compliance)
Subscription history

Plan changes, usage records

3 years

Backup and Archive Retention

How long data persists in our backup systems

Even when you delete data from your account, copies may temporarily persist in our backup and archive systems. Here's how we handle backup data retention:

Daily Backups

  • Retention: 30 days
  • Purpose: Disaster recovery
  • Location: EU data centers
  • Encryption: AES-256

Archive Backups

  • Retention: 90 days
  • Purpose: Long-term recovery
  • Location: EU data centers
  • Encryption: AES-256

Important Notes

  • Deleted data is marked for purging and excluded from new backups
  • Backup data is automatically purged after retention periods
  • We cannot selectively delete data from existing backup archives
  • All backup data is encrypted and access-controlled

Legal and Compliance Retention

Data we must retain for legal or regulatory reasons

In some cases, we may be required to retain certain data for longer periods to comply with legal obligations:

Tax and Financial Records

7 years

Dutch tax law requires us to maintain financial records for 7 years.

Includes: Invoices, payment records, VAT documentation

Security Incident Records

3 years

GDPR requires maintaining records of security incidents and breach notifications.

Includes: Incident reports, remediation actions, notifications sent

Data Processing Records

3 years

GDPR Article 30 requires maintaining records of processing activities.

Includes: DPA records, consent logs, data subject requests

Account Closure and Data Deletion

What happens when you close your account

Account Deletion Process

1
Immediate: Account access disabled, data marked for deletion
2
30 days: Grace period for data recovery (contact support)
3
After 30 days: All personal data permanently deleted
4
90 days: Data purged from all backups

What Gets Deleted

  • All account information and profile data
  • All surveys and collected response data
  • All analytics and reporting data
  • All technical logs containing personal data
  • All backup copies (after retention periods)

What We Keep

  • Financial records (anonymized, for tax compliance)
  • Security incident records (anonymized)
  • Aggregated, anonymous usage statistics
  • Records required for legal compliance (anonymized where possible)

Your Data Retention Controls

How you can manage your data retention preferences

Available Controls

  • Survey-level deletion: Delete individual surveys and all associated data
  • Response management: Delete specific survey responses
  • Account export: Download all your data before deletion
  • Scheduled deletion: Set automatic deletion dates for surveys
  • Bulk operations: Delete multiple surveys or responses at once

Data Export Options

Before deleting data, you can export it in multiple formats:

  • CSV/Excel: Response data for analysis
  • JSON: Complete survey structure and data
  • PDF: Survey reports and analytics
  • SPSS/R: Statistical analysis formats

Contact Us About Data Retention

Questions about our retention policies

Retention Questions

Email: privacy@lensym.com
Subject: Data Retention Question
Response time: Within 48 hours

Deletion Requests

Email: privacy@lensym.com
Subject: Data Deletion Request
Response time: Within 30 days

Enterprise Customers

Need custom retention periods or special deletion procedures? Contact our enterprise team at enterprise@lensym.com to discuss your requirements.