Retention and deletion

Last updated: 2026-04-11 • ← Privacy

Backbuild retains personal data only for as long as is necessary to deliver the service, meet legal obligations, and support legitimate business needs. The following table summarizes retention periods by category of data.

Retention schedule

Category	Retention period
User account data	For the life of the account, plus 30 days after deletion, after which records are purged.
Session data	Expires per session policy. Default refresh token lifetime is 30 days and default absolute session maximum is 12 hours.
Audit logs	1 year in hot storage, then 6 additional years in archival storage, for a total of 7 years (HIPAA-aligned).
SSO identity metadata	90 days after last use, after which idle identity records are pruned.
Support communications	3 years from the last interaction.
Billing records	7 years, as required by tax and financial reporting regulation.
Backups	Retained per backup rotation policy; deleted records are removed from backups on the backup's normal expiry schedule.

Deletion on account termination

When a customer terminates their account, personal data is deleted within 30 days of termination, consistent with GDPR Article 17 and the standard response window for data subject deletion requests. Specific categories subject to longer statutory retention — notably billing records — are retained for the applicable legal minimum and then deleted. A termination certificate confirming deletion is available upon request.

User-level deletion

Individual users can be deleted from the platform through an administrative action by the customer, or through a data subject request forwarded to Backbuild. Deletion is performed by api.user_delete_with_cascade, which removes the user across all distributed database shards along with their associated records. Audit log records that reference the deleted user are retained for the audit retention period but are redacted where required to comply with the erasure request.

Legal holds

Where Gable Digital Solutions, Inc. is required by law to retain records beyond the standard schedule — for example, in response to a valid legal process — a legal hold is applied to the affected records. Legal holds override the standard retention schedule for the duration of the hold. Where the law allows, Backbuild notifies the affected customer of the hold.

Deletion from backups

Active storage is the primary location for deletion. Backups retain a point-in-time copy of data until the backup itself expires on its rotation schedule. Backbuild does not selectively delete individual records from existing backups; instead, deleted records age out naturally as backups are rotated.