All Compliance Documents
Data Retention Policy
Version: 1.0Last Updated: December 26, 2024Effective: December 26, 2024Tier 2 (Small Business/Commercial)
1. Introduction
This Data Retention Policy explains how long Grasp Visual (“we,” “us,” or “our”) retains different types of data collected through the Email to Print service and when we delete or anonymize such data.
2. Data Retention Principles
We retain data only for as long as necessary to:
- Provide the Service
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
- Protect our legitimate business interests
3. Data Retention Periods
3.1 Account Data
| Data Type | Retention Period | Reason |
|---|---|---|
| User account information (email, username) | While account is active + 90 days after deletion | Service operation, legal compliance |
| Authentication credentials | While account is active, deleted immediately upon account deletion | Security |
| License information | While license is active + 7 years after expiration | Legal compliance, dispute resolution |
| License usage statistics | 2 years | Service improvement, analytics |
3.2 Email and Processing Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Email content and attachments | Not stored on servers - Processed locally only | Privacy, data minimization |
| Email metadata (subject, sender, date) | While account is active, deleted with account | Service operation |
| Print history | While account is active, deleted with account | Service operation, user reference |
| Print patterns | While account is active, deleted with account | Service configuration |
3.3 Gmail OAuth Data
| Data Type | Retention Period | Reason |
|---|---|---|
| OAuth tokens | While account is active, deleted immediately upon revocation | Security, access management |
| Gmail access permissions | While account is active, deleted upon revocation | Access control |
3.4 Administrative Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Admin API keys | While active + 30 days after deactivation | Security, audit trail |
| Admin access logs | 2 years | Security, compliance, audit |
| Support communications | 3 years | Customer service, legal compliance |
| System logs | 90 days | Security, troubleshooting |
3.5 Legal and Compliance Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Legal documents and agreements | 7 years after termination | Legal compliance |
| Compliance records | 7 years | Regulatory compliance |
| Audit logs | 2 years | Security, compliance |
| Incident reports | 7 years | Legal, compliance |
4. Data Deletion Procedures
4.1 Account Deletion
When you delete your account:
- Immediate Deletion: Authentication credentials, OAuth tokens, personal preferences
- Within 30 Days: Account information, license data, usage statistics
- Within 90 Days: All associated data (except data required for legal retention)
4.2 Automatic Deletion
- Expired licenses: Data deleted 90 days after license expiration
- Inactive accounts: Data deleted after 2 years of inactivity (with notification)
- Temporary tokens: Deleted immediately after use or expiration
4.3 Manual Deletion Requests
You can request deletion of your data at any time:
- Submit a deletion request through the Service or by email
- We will process requests within 30 days
- Some data may be retained if required by law
5. Data Anonymization
Instead of deletion, some data may be anonymized:
- Purpose: Retain data for analytics and service improvement while protecting privacy
- Process: Remove all personally identifiable information
- Use: Anonymized data used only for aggregate analytics
6. Legal Retention Requirements
We may retain data longer than specified above if required by:
- Legal Obligations: Laws requiring data retention (e.g., tax records, financial records)
- Litigation: Ongoing or anticipated legal proceedings
- Regulatory Requirements: Industry-specific regulations
- Contractual Obligations: Agreements requiring data retention
7. Backup and Archive Data
7.1 Backup Retention
- Backup Frequency: Daily backups
- Backup Retention: 30 days
- Backup Deletion: Automatic deletion after retention period
- Backup Encryption: All backups encrypted
7.2 Archive Data
- Purpose: Long-term storage for legal/compliance requirements
- Retention: 7 years for legal/compliance data
- Access: Restricted access, encrypted storage
- Deletion: Automatic deletion after retention period
8. Data Location and Transfer
8.1 Data Storage Location
- Primary Storage: United States
- Backup Storage: United States
- Processing: Data processed in the United States
8.2 Data Transfer
- International Transfers: Data may be transferred to countries with adequate data protection laws
- Safeguards: Standard Contractual Clauses (SCCs) or other appropriate safeguards
- User Rights: You have the right to know where your data is stored
9. User Rights Regarding Data Retention
You have the right to:
- Access: Request information about data we retain
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Request transfer of your data
- Objection: Object to processing based on legitimate interests
10. Special Categories of Data
10.1 Sensitive Personal Data
If we process sensitive personal data (which we currently do not):
- Retention: Minimum necessary retention period
- Security: Enhanced security measures
- Deletion: Immediate deletion when no longer needed
10.2 Children's Data
- Collection: We do not knowingly collect data from children under 13
- Retention: If discovered, deleted immediately
- Protection: Enhanced protection measures
11. Data Retention Exceptions
We may retain data beyond standard retention periods for:
- Active Disputes: Data related to ongoing disputes
- Legal Holds: Data subject to legal preservation requirements
- Fraud Prevention: Data related to suspected fraud or abuse
- Service Continuity: Data necessary for service continuity during transitions
12. Compliance with Regulations
12.1 GDPR (EU Users)
- Right to Erasure: Data deleted upon request (subject to exceptions)
- Data Minimization: Retain only necessary data
- Retention Limits: Clear retention periods specified
12.2 CCPA (California Users)
- Right to Delete: Data deleted upon verifiable request
- Retention Disclosure: Clear disclosure of retention practices
- No Discrimination: No discrimination for exercising rights
13. Review and Updates
13.1 Policy Review
- Frequency: Annual review or when regulations change
- Updates: Policy updated to reflect changes in law or practice
- Notification: Users notified of material changes
13.2 Retention Period Updates
- Changes: Retention periods may be updated based on legal requirements
- Notification: Users notified of significant changes
- Grandfathering: Existing data subject to previous retention periods unless legally required to change
14. Contact Us
For questions about data retention or to request data deletion, please contact us:
Grasp Visual
Email: info@graspvisual.com
Website: www.graspvisual.com
Address: 15201 Mason Rd 1000 - PMD 367, Cypress, TX 77433
Data Protection Officer (for GDPR inquiries):
Email: info@graspvisual.com
This Data Retention Policy is effective as of December 26, 2024. Last updated: December 26, 2024.