Data Retention & Deletion Policy
How we handle email data, extracted fields, logs, and backups
Last updated: Aug 30, 2025
This Data Retention & Deletion Policy ("Policy") explains how Inbox2Sheet handles email data, extracted fields, logs, and backups. It should be read together with our Privacy Policy, Data Processing Agreement, andSecurity page.
Why This Matters: This policy ensures GDPR compliance and gives you full control over how long your data is retained.
1. Retention Defaults
By default:
Raw Emails
Retained for up to 30 days after processing.
Extracted Data
Stored in your Inbox2Sheet account until you delete it, or until account closure.
Logs & Metadata
Retained for ≤30 days for debugging and monitoring.
Backups
Retained for ≤90 days on rolling cycles.
2. Customer Controls
Inbox2Sheet provides self-service data controls:
Mailbox Retention Settings
Choose retention periods: 0, 1, 7, 30, or 90 days.
Configure different retention periods for different mailboxes based on your compliance needs.
One-Click Purge
Delete all emails, templates, and associated data from a mailbox or account.
Immediate action for compliance requirements or data cleanup.
Manual Deletion
Delete specific records via the dashboard.
Granular control over individual data records and extracted fields.
Account Closure
On request, all Customer Data is permanently deleted within 30 days, backups within 90 days.
Complete data removal when you no longer need the service.
Competitive Note: Parseur offers mailbox-level retention and immediate purge; Mailparser defaults to 30 days, configurable to 0.
3. DSAR Requests
You may exercise your rights (access, rectification, erasure, portability) via our DSAR form or by contacting privacy@inbox2sheet.com.
Response Time: We respond to all data subject requests within 30 days as required by GDPR.
4. Exceptions
We may retain certain data longer where required:
Billing & invoices → retained for 6 years under tax law.
Required for financial compliance and audit purposes.
Security logs → retained for up to 12 months for fraud prevention and audit.
Essential for security monitoring and incident response.
Legal obligations → as required to comply with law or enforce agreements.
May include regulatory requirements or legal proceedings.
5. Deletion Process
Soft Delete
When you delete data, it is immediately inaccessible to users.
Data is marked for deletion but not yet permanently removed.
Permanent Deletion
Records are securely erased from active systems within 30 days.
Complete removal from production databases and storage systems.
Backups
Deleted on rolling cycles within 90 days.
Ensures data is completely removed from all backup systems.
Verification
Deletions are logged for audit and compliance.
Complete audit trail for regulatory and compliance purposes.
6. Customer Responsibility
As the Controller, you are responsible for:
7. Contact
For questions about retention or deletion, email privacy@inbox2sheet.com.
Data Subject Requests: Use our DSAR form for access, rectification, erasure, or portability requests.
Related legal documents