Data Retention Policy

1. Active Account Data

While your account is active, we retain all data necessary to provide the Service, including financial records, transaction data, journal entries, documents, and user activity logs.

2. Account Closure

When you close your account, your data enters a 90-day retention period. During this time:

• Your account is deactivated and inaccessible
• Your Stripe subscription is canceled
• You may request account recovery by contacting support@quoining.com
• After 90 days, all data is permanently and irreversibly deleted

3. Legal Retention Requirements

Certain data may be retained beyond the 90-day period as required by law:

• Tax records: 7 years (IRS requirement)
• Audit logs: Immutable and retained indefinitely for SOC compliance
• Payment records: As required by PCI DSS and applicable financial regulations
• Legal hold: Data subject to litigation hold will be retained until the hold is released

4. Data Export

You may export your data at any time from Settings > Account. The export includes your profile, company information, chart of accounts, and entity data in JSON format.

5. Data Deletion Requests

You may request immediate deletion of your data by contacting privacy@quoining.com. We will process your request within 30 days, subject to legal retention requirements.

6. Automated Data Cleanup

The following data is automatically purged:

• Rate limit entries: Purged after 24 hours
• Password reset tokens: Expire after 1 hour
• Email verification tokens: Expire after 24 hours
• Two-factor sessions: Expire after 8 hours
• Impersonation cookies: Expire after 10 minutes

7. Policy Review

This policy is reviewed quarterly by the engineering and compliance team. Material changes will be communicated via email to all active account holders at least 30 days before they take effect.

Contact

For questions about data retention, contact privacy@quoining.com.