DATA RETENTION POLICY

This policy outlines how long SYNTHAUROS retains different types of data and the criteria used to determine retention periods.

Last updated: December 13, 2025

1. INTRODUCTION

This Data Retention Policy explains our approach to retaining personal information collected through our website and services. We retain data only for as long as necessary to fulfill the purposes for which it was collected, while complying with legal, regulatory, and business requirements.

Our retention periods are based on:

  • The nature of the data and its sensitivity
  • The purpose for which the data was collected
  • Legal and regulatory requirements
  • Business operational needs
  • Risk of harm from unauthorized access or disclosure

2. WEBSITE ANALYTICS DATA

Visitor Tracking Data

  • Data Type: IP addresses, browser information, pages visited, time spent
  • Retention Period: 30 days for active analysis, aggregated data retained indefinitely
  • Purpose: Website optimization and security monitoring
  • Legal Basis: Legitimate interest

Session Data

  • Data Type: Session identifiers, user preferences, temporary data
  • Retention Period: Session duration (typically 24-48 hours)
  • Purpose: Provide seamless user experience
  • Legal Basis: Contract performance

3. CONTACT AND COMMUNICATION DATA

Contact Form Submissions

  • Data Type: Name, email address, message content
  • Retention Period: 3 years after last interaction
  • Purpose: Respond to inquiries and maintain business records
  • Legal Basis: Legitimate interest / Contract performance

Newsletter Subscriptions

  • Data Type: Email address, subscription preferences
  • Retention Period: Until unsubscribed or 2 years of inactivity
  • Purpose: Send newsletters and promotional content
  • Legal Basis: Consent

Email Communications

  • Data Type: Email content, metadata, delivery status
  • Retention Period: 7 years for business communications
  • Purpose: Legal compliance and business record keeping
  • Legal Basis: Legal obligation

4. USER ACCOUNT DATA

Account Information

  • Data Type: Username, email, profile information
  • Retention Period: Duration of account + 3 years after deletion
  • Purpose: Account management and service provision
  • Legal Basis: Contract performance

Login and Security Data

  • Data Type: Password hashes, login attempts, security logs
  • Retention Period: 1 year for security logs, indefinitely for password data
  • Purpose: Account security and fraud prevention
  • Legal Basis: Legitimate interest / Legal obligation

5. COOKIE AND TRACKING DATA

Essential Cookies

  • Data Type: Session identifiers, CSRF tokens
  • Retention Period: Session duration
  • Purpose: Website functionality
  • Legal Basis: Legitimate interest

Analytics Cookies

  • Data Type: Usage patterns, page views, user behavior
  • Retention Period: 26 months (Google Analytics standard)
  • Purpose: Website optimization
  • Legal Basis: Consent

Marketing Cookies

  • Data Type: Advertising preferences, targeting data
  • Retention Period: 90 days to 2 years
  • Purpose: Personalized advertising
  • Legal Basis: Consent

6. FINANCIAL AND PAYMENT DATA

Payment Information

  • Data Type: Payment method details, transaction records
  • Retention Period: 7 years (tax and accounting requirements)
  • Purpose: Financial record keeping and dispute resolution
  • Legal Basis: Legal obligation

Billing Information

  • Data Type: Invoice details, billing addresses
  • Retention Period: 7 years
  • Purpose: Tax compliance and customer service
  • Legal Basis: Legal obligation

7. DATA DELETION AND ANONYMIZATION

Data Deletion Process

When retention periods expire or data is no longer needed, we:

  • Completely delete personal data from our systems
  • Remove data from backups (where technically feasible)
  • Anonymize data that needs to be retained for statistical purposes
  • Notify third parties to delete shared data

Right to Erasure

You have the right to request deletion of your personal data at any time, subject to legal limitations. We will respond to such requests within 30 days.

Data Minimization

We regularly review our data retention practices to ensure we only keep data that is necessary for our legitimate business purposes.

8. EXCEPTIONS AND EXTENSIONS

In certain circumstances, we may retain data for longer periods:

  • Legal Proceedings: Data may be retained if required for legal proceedings or investigations
  • Regulatory Requirements: Financial and tax data retained per regulatory requirements
  • Security Incidents: Security-related data retained for incident investigation and prevention
  • Backup Systems: Data may persist in backups until backup rotation (typically 90 days)

9. REVIEW AND UPDATES

This Data Retention Policy is reviewed annually or when significant changes occur in our data processing practices. Updates will be posted on this page with the revised date.

10. CONTACT INFORMATION

For questions about our data retention practices or to request data deletion:

Email: contact@synthauros.ch

Subject: Data Retention Inquiry

← BACK TO INFERNO
include 'templates/footer.php';