Effective
2026-05-03
Last verified
2026-06-28
Status
legal-review
Owner
Legal and Product

NetQnect Data Retention Schedule

Draft status: for legal review before publication.

Effective date: 2026-05-03

Contact: legal@netqnect.com

1. About This Schedule

This schedule sets target retention periods for NetQnect personal data. It must be aligned with the implemented deletion, export, backup, archive and processor controls before publication.

2. Retention Principles

NetQnect should:

  • keep personal data only for as long as needed;
  • minimise data used in logs, traces and analytics;
  • delete or anonymise data when the purpose ends;
  • retain limited audit records where needed for security, legal, accounting or rights-request proof;
  • avoid retaining full personal-data archives after user deletion unless there is a documented lawful basis and expiry period.

3. Target Retention Periods

Account data

  • Active account lifetime.
  • Delete or anonymise within 30 days of account deletion, except limited records needed for legal, security or accounting reasons.

Profile data

  • Active profile lifetime.
  • Delete or anonymise within 30 days of profile or account deletion.

Connections, QR scans and Qnect activity

  • Active account lifetime.
  • Delete or anonymise within 30 days of account deletion, including nested notes, tasks, memory, opportunities and related subcollections.

User-to-user messages and conversation metadata

  • Active account lifetime while the conversation remains needed by at least one participant.
  • A user may archive their own conversation copy where the product supports it.
  • If a participant deletes their account or a connection is removed, disable new messages in the shared conversation and delete or anonymise the departing participant's personal data within 30 days of account deletion, while preserving the other participant's own messages where they still need their record.
  • Do not retain all app message content solely because separate support email, business, tax or accounting records may have longer legal retention. Limited security, abuse, dispute, rights-request, legal-hold and backup exceptions must be documented.

User media and uploaded files

  • Active account, profile, team, event or message lifetime, depending on the feature that uses the file.
  • Delete account-owned files under the user's account Storage area within 30 days of account deletion where practical.
  • Shared, team, event, imported-provider or organiser-controlled media may need deletion, anonymisation, reassignment, retention under another user's or organiser's lawful basis, or a documented exception.
  • Do not retain media solely because a file existed in technical storage; retention should follow the feature purpose, legal/security exception or backup expiry rule.

Assistant messages and AI outputs

  • Active account lifetime unless the user deletes a thread earlier.
  • Delete or anonymise within 30 days of account deletion.

AI traces, debug logs and safety review records

  • Production target: 7 days unless retained for a live security, abuse, legal or support issue.
  • Staging and development target: 10 to 21 days, using redacted or test data where practical.

Embeddings, vector records and graph records

  • Active profile, event or relationship lifetime.
  • Delete or rebuild without the user's data within 30 days of profile, event or account deletion.

Event attendance and check-ins

  • Active account or event organiser need.
  • Delete or anonymise user-linked records within 30 days of account deletion, unless an organiser has an independent lawful basis to retain records.

Connected-service tokens

  • While the integration is connected.
  • Delete immediately on disconnect where practical, and within 24 hours as a service target.

Imported connected-service data

  • While needed for the connected feature.
  • Delete or refresh when the integration is disconnected, consent is withdrawn or the account is deleted.

Analytics and product usage data

  • Identifiable product analytics target: up to 14 months.
  • Aggregate or anonymised analytics may be kept longer if users are no longer identifiable.

Crash, performance and diagnostic data

  • Target: up to 90 days for identifiable records unless needed for a live incident.

Consent history

  • Active account lifetime plus up to 6 years after closure or deletion where needed to prove consent, withdrawal, policy version or rights handling.
  • Store minimal evidence, not full activity histories.

Billing, invoices and tax records

  • Up to 7 years where required for tax, accounting, chargeback, audit or legal obligations.

Support requests and contact forms

  • Up to 24 months after resolution unless needed for legal, security or customer relationship reasons.

Security logs and abuse records

  • Up to 12 months, or longer where needed for an investigation, legal claim or platform security.

Backups

  • Rolling backup retention target: up to 35 days.
  • Backups should be encrypted and should expire automatically.

Marketing preferences and suppression records

  • Until withdrawn or replaced.
  • Suppression records may be retained to make sure users are not contacted again after opt-out.

4. Deletion Requirements

Account deletion should cover:

  • Firebase Auth user records;
  • Firestore account, profile, connection, nested relationship and event data;
  • user-to-user message content and conversation metadata, using deletion, archive, read-only or anonymisation behavior appropriate to multi-party records;
  • assistant messages, actions, traces and token usage;
  • Firebase Storage media;
  • vectors and embeddings;
  • graph database records;
  • worker databases, queues and caches;
  • connected-service tokens and imported data;
  • analytics identifiers where deletion is supported by the provider.

5. Review

This schedule should be reviewed before launch and whenever retention behaviour changes.