Data Retention & Deletion Policy
Last Updated: May 31, 2026
1. Introduction
This Data Retention & Deletion Policy explains how long we keep information, how it is stored securely, and how you can request full deletion at any time. The policy applies to all users of traxintel.com, including Deep Search and Continuous Monitoring clients.
2. Types of Data We Store
We handle three categories of data:
2.1 Account Data
- Email address
- Password (securely hashed)
- Login timestamps & security logs
- Subscription & billing status
2.2 Search Data
- Photos or images you upload
- Names, usernames, clues, or notes
- Information needed to perform your search
2.3 Report Data
- Search results and findings
- Analyst notes
- Match confidence scores
- Links, screenshots, and metadata used to verify activity
2.4 Billing & Payment References
- Stripe customer, subscription, Checkout Session, PaymentIntent, charge, invoice, refund, and dispute identifiers
- Selected product, plan, amount, currency, payment status, refund status, and dispute status
- Billing name, billing email, and billing address when needed for invoices, support, or compliance
- Display-safe payment method metadata such as brand, type, last four digits, and country
- Checkout security metadata such as IP address, user agent, rate-limit state, and non-blocking review signals
We do not store card PAN, CVC, or raw Stripe PaymentMethod objects. Stripe stores and processes those payment credentials.
2.5 Support, Privacy, And Data Access Records
- Support ticket subject, category, priority, message, status, and timestamps
- Receipt, Stripe, account, report, and secure-link references needed to route support
- Privacy, access, correction, deletion, and portability request history
- Audit notes showing how a request was verified, fulfilled, denied, or escalated
Support tickets should not include full target narratives unless support asks for them. Use Share & Export or secure links when report context is needed.
3. How Long We Keep Data
We keep each category of data for a different duration, based on privacy regulations and operational needs.
3.1 Deep Search (One-Time Report)
- Your uploaded data is retained for 30 days after report delivery.
- This allows you to download your report again if needed.
- After 30 days, all associated search data is automatically deleted.
3.2 Continuous Monitoring (Subscription)
- Search data remains active while monitoring is active.
- When you cancel your subscription, we keep data for 30 days in case you restart.
- After 30 days, all monitoring data is removed.
3.3 Account Data
- Account information is retained while your account is active.
- If you delete your account, core account data is permanently deleted within 90 days to honor fraud-prevention and verified data-access obligations.
- Security logs may be retained for 90 days for fraud prevention.
3.4 Payment Records
We retain local payment ledger entries, Stripe object IDs, invoices, refund/dispute references, and display-safe payment method metadata for accounting, support, fraud prevention, chargeback handling, and legal or tax obligations. Stripe retains full payment credentials and processor-side payment records under its own payment-network, tax, anti-fraud, and legal obligations.
Deleting search data or closing an account does not immediately remove immutable payment ledger references that we must preserve for accounting, dispute response, fraud prevention, or legal compliance. We minimize those retained billing entries to references and display-safe metadata.
3.5 Shared Links, Report Exports, And Downloaded Files
- Secure share links expire after the selected 7-day or 30-day window.
- Quick-share report links expire after 30 days.
- Active share links can be revoked from Share & Export when revocation history is available.
- Export events are retained with the report history for audit, support, abuse-prevention, dispute, and legal-accountability needs.
- Downloaded files, recipient copies, emails, screenshots, and files saved outside TraxIntel cannot be recalled after delivery.
3.6 Support Tickets And Privacy Requests
Support tickets, privacy requests, deletion requests, access requests, and related audit notes are retained while the account is active and for the period needed to resolve support, billing, security, abuse-prevention, dispute, tax, or legal obligations. We minimize target details in support records and preserve only the references needed to verify and route the request.
4. Requesting Immediate Deletion
You may request full deletion of your data at any time. This includes all:
- Uploaded photos
- Names, usernames, and clues
- Search activity
- Reports and findings
- Session and security logs (where legally permitted)
- Your entire account
To request deletion, email us at: [email protected]
We process all deletion requests within 24–48 hours.
Deletion requests can revoke active share links and remove local search, report, monitoring, and account records where allowed. Deletion does not recall downloaded exports, recipient copies, emails, screenshots, Stripe processor records, minimized billing ledger references, security logs, backup remnants within the backup window, or records under legal hold.
5. GDPR & International Privacy Compliance
Under GDPR and equivalent global privacy laws, you have the right to:
- Access your data (“Right of Access”)
- Correct inaccuracies (“Right to Rectification”)
- Request deletion (“Right to be Forgotten”)
- Restrict processing
- Export your data (“Data Portability”)
- Withdraw consent at any time
We honor GDPR requests after identity verification and without unnecessary delay. Data access exports may include account profile fields, onboarding draft metadata, report/export history, support ticket references, billing references, and security logs where available. They do not include raw Stripe card data, CVC, full payment credentials, third-party recipient copies, or restricted abuse and fraud signals.
6. How We Store & Protect Your Data
- AES-256 encryption at rest
- TLS/HTTPS encryption in transit
- Strict access controls (analyst-only per case)
- Isolated storage — no shared buckets
- No advertising, tracking, or data reselling
- No third-party access to search content
You remain fully anonymous during the entire process.
7. Contact
For deletion requests, privacy concerns, or GDPR questions, contact:
[email protected]
Also review the Privacy Policy for controller, subprocessor, access, and rights-request details.