Data Retention Policy

Flinque Data Retention Policy

The short version, so you know how long we keep data

We retain personal data only for as long as it is needed for the purpose we collected it, plus any period required by law. Active account data stays while your subscription is active. Billing records are kept for 7 years for tax and audit compliance. Support tickets, logs, and backups have their own schedules. When retention periods end, data is deleted or anonymized on a regular cycle.

This page lists the specific retention periods for each data category, explains why we keep each type, and describes what happens when retention ends. It also covers legal holds, where we pause deletion due to litigation or investigations.

To request deletion of your data outside these retention periods, see our Data Removal and Right to Erasure Policy.

1. Retention Principles
2. Retention Schedule Overview
3. Account and Authentication Data
4. Billing and Payment Records
5. User Content and Workspace Data
6. Creator Public Data
7. Support and Communication Data
8. Marketing and Newsletter Data
9. Analytics and Telemetry
10. Security and Audit Logs
11. Backups
12. Job Applicant and HR Data
13. Legal Holds and Exceptions
14. Deletion and Anonymization
15. Contact for Retention Matters

1. Retention Principles

Our approach to data retention is guided by five principles:

• Purpose limitation: data is retained only for as long as necessary for the purpose it was collected
• Legal alignment: where laws require longer retention (tax, audit, legal defense), the legal minimum applies
• Minimization: where aggregated or anonymized data meets the purpose, we prefer that over identifiable retention
• Consistency: retention periods are documented and applied systematically, not case-by-case
• Auditability: deletion actions are logged so we can demonstrate compliance

These principles apply across the Flinque influencer marketing platform and all supporting systems.

We review retention periods at least annually and update them as laws, business needs, and data categories change.

2. Retention Schedule Overview

At-a-glance retention schedule for the main data categories:

Details for each category follow in Sections 3 through 12.

3. Account and Authentication Data

Account data includes your name, email, password hash, workspace configuration, authentication tokens, and session identifiers.

3.1 Active accounts

Retained for the duration of your subscription or Free Plan use. Session tokens expire based on session policy (typically 30 days of inactivity or explicit logout).

3.2 Inactive Free Plan accounts

Free Plan accounts that show no login activity for 12 consecutive months may be closed with prior notice. Data is then handled per the account closure schedule below.

3.3 After account closure

When your account closes (voluntarily or through inactivity):

• Immediate: session tokens revoked and active access disabled
• Within 30 days: account data deleted from production systems
• Within 90 days: data removed from backups during normal rotation
• Indefinitely (hashed/anonymized): minimal footprint retained for fraud prevention (for example email hashes of previously banned users)

3.4 Authentication tokens and credentials

API keys, session tokens, and refresh tokens are rotated per our security policy. Revoked tokens are retained for 30 days in invalidated form for forensic purposes, then deleted.

4. Billing and Payment Records

Billing and payment records are retained for longer periods due to tax, accounting, and audit requirements.

4.1 Invoice and transaction records

Retained for 7 years from the date of invoice. This period covers typical tax and audit requirements in major jurisdictions including the United States, the European Union, United Kingdom, Canada, and Australia.

4.2 Payment method details

Card numbers and payment credentials are not stored by Flinque. They are tokenized and held by our payment processor Stripe, subject to Stripe’s retention practices and PCI DSS requirements. We retain only transaction tokens and metadata.

4.3 Tax-related records

Tax receipts, VAT/GST records, and similar fiscal documents are retained for the period required by the applicable tax authority, generally 7 years.

5. User Content and Workspace Data

User Content includes creator lists, outreach templates, campaign notes, tags, annotations, and exports you create in your workspace.

5.1 Active workspace

User Content is retained while your workspace is active. You can delete individual items at any time; deletions take effect immediately in production and propagate through backups during normal rotation.

5.2 Closed workspaces

When a workspace closes, User Content is deleted from production systems within 30 days. Customers are encouraged to export their content before closing.

5.3 Shared content

Content shared externally (via share links or exports) outside Flinque is no longer under our retention control once downloaded or received by third parties.

6. Creator Public Data

Creator public data includes usernames, bios, profile photos, follower counts, and public post content aggregated from social platforms.

6.1 Active retention

Creator data is refreshed on a scheduled cadence. When a creator’s public profile changes on the source platform, we update our records during the next refresh cycle.

6.2 Profile deletion on source platform

When a creator’s profile is no longer available on the source platform (deleted, privatized, or banned), we mark our record as unavailable and typically remove it from active search results within 30 days.

6.3 Creator opt-out requests

Creators can request removal of their data per our Data Removal and Right to Erasure Policy. Verified removal requests are processed within 48 hours.

6.4 Historical archives

Aggregated or anonymized statistical data derived from creator information may be retained indefinitely for research and platform analytics, provided it cannot be used to re-identify individual creators.

7. Support and Communication Data

Support data includes help desk tickets, chat transcripts, screenshots, call recordings (with consent), and correspondence through our contact page, Technical Support, Report an Issue, and Improvement Feedback pages.

• Active tickets: retained for the duration of the support interaction
• Closed tickets: retained for 3 years after closure for quality assurance, dispute resolution, and training purposes
• Product feedback: aggregated and retained indefinitely in anonymized form for product improvement
• Call recordings: retained for 12 months where they exist, with consent obtained at the time of the call
• Security incident communications: retained for 5 years given their legal relevance

You can request earlier deletion of your support communications, subject to our need to retain records related to open issues or active disputes.

8. Marketing and Newsletter Data

Marketing data includes email subscriptions, webinar registrations, content downloads, and engagement tracking (opens, clicks).

• Active subscribers: retained until you unsubscribe or request deletion
• After unsubscribe: minimal data retained for 6 months to honor the unsubscribe request and prevent re-subscription by mistake
• After 6 months: subscriber record is anonymized or deleted
• Webinar registrations: retained for 24 months after the event for marketing follow-up; deleted or anonymized thereafter
• Content downloads: retained for 24 months for campaign analysis; deleted or anonymized thereafter

Unsubscribe tokens and preference signals are retained long enough to ensure we respect your preferences, even after other data is deleted.

9. Analytics and Telemetry

Analytics data includes how our website and platform are used: page views, feature usage, event counts, session durations, and similar telemetry.

• Identifiable analytics: retained for 14 months, then aggregated or anonymized
• Aggregated analytics: retained indefinitely (these cannot be traced back to individuals)
• Product usage tied to accounts: retained while the account is active, then deleted per Section 3
• Third-party analytics cookies: subject to the retention rules of each analytics provider, as described in our Cookie Policy

We prefer to aggregate analytics early to avoid retaining unnecessary personal details.

10. Security and Audit Logs

Logs are essential for security monitoring, incident investigation, and compliance. Retention balances security usefulness against minimization.

• Application logs: 12 months
• Authentication and authorization logs: 12 months
• Administrative access logs: 24 months given their compliance relevance
• API request logs: 6 months in detailed form, 24 months in aggregated form for trend analysis
• Security incident logs: 5 years given their investigative value
• Network and infrastructure logs: 3 months for routine logs, 12 months for security-related events

Logs are centralized in tamper-resistant storage as described in our Security Policy.

11. Backups

Backups are retained to enable recovery from incidents, data corruption, or disasters.

• Rolling backup window: 35 days of daily backups are maintained
• Weekly backups: retained for 3 months
• Monthly backups: retained for 12 months for disaster recovery
• Older backups: rotated out and destroyed per backup lifecycle policy

When personal data is deleted from production, it propagates out of backups during the normal backup rotation window. We do not selectively delete personal data from individual backup snapshots, as doing so would compromise backup integrity.

Backups are encrypted at rest and access is restricted to authorized recovery operations.

12. Job Applicant and HR Data

Data about job applicants through our Careers page is retained for specific periods.

• Applications for advertised roles: retained for 12 months after the role closes
• Speculative applications: retained for 12 months from receipt, renewable on request
• Candidates who were hired: application data moves into HR records under employment-related retention
• Candidates who opted into a talent pool: retained for 24 months with renewal reminders

Applicants can request earlier deletion of their application data through the Careers page or our contact page.

13. Legal Holds and Exceptions

Standard retention schedules can be overridden where data is subject to legal hold or specific exceptions.

13.1 Legal holds

When data is relevant to pending or reasonably anticipated litigation, regulatory investigation, law enforcement request, or internal compliance review, we suspend normal retention and preserve the data until the legal obligation is satisfied.

13.2 Fraud prevention records

Minimal identifiers (such as hashed emails) of accounts banned for fraud or policy violations may be retained indefinitely to prevent re-registration and repeat abuse.

13.3 Contractual obligations

Where Enterprise contracts specify different retention requirements, those contracts control for the relevant customer data.

13.4 Public interest and research

Anonymized or aggregated data may be retained beyond standard schedules for statistical research, industry analysis, and public interest reporting, provided it cannot reasonably be re-identified.

14. Deletion and Anonymization

When data reaches the end of its retention period, we either delete it or anonymize it.

14.1 Deletion

Deletion means the data is removed from our production systems and is not recoverable from business-accessible stores. Residual copies may persist briefly in backups until normal rotation flushes them.

14.2 Anonymization

Anonymization means personal identifiers are removed or replaced so the data can no longer be reasonably linked to an individual. Anonymized data may be retained beyond standard schedules for analytics, research, and reporting.

14.3 Audit of deletion

Scheduled deletion jobs log their actions so we can demonstrate compliance with this policy. Failed deletions trigger alerts for manual intervention.

14.4 Requesting earlier deletion

You can request deletion of specific data before its scheduled retention ends. We honor these requests subject to the exceptions in Section 13 (legal holds, fraud prevention, contractual obligations). See our Data Removal and Right to Erasure Policy for the full procedure.

15. Contact for Retention Matters

For questions about this Retention Policy or specific retention queries, contact us.