Data Retention & Deletion Policy
How GuardRail retains and deletes customer and personal information.
Effective date: November 1, 2025
Purpose
This policy explains how GuardRail retains and deletes customer and personal information.
Active Accounts
Customer data is retained while accounts remain active and for as long as necessary to provide the Services.
Post Termination
Following termination, GuardRail may retain data for a reasonable period to allow export, recovery from deletion requests, billing finalization, dispute resolution, legal compliance, and security purposes.
Backups
Data may persist in encrypted backups for a limited time after deletion from live systems.
Logs and Security Records
Operational, access, and security logs may be retained longer where needed for fraud prevention, incident investigation, and legal compliance.
De-identified Data
GuardRail may retain aggregated or de-identified data that does not identify individuals or organisations.