Trust

Retention and Export

This page clarifies dashboard availability, compliance audit record retention, export paths, and deletion process. It is not legal advice or a custom retention agreement.

Data category	Examples	Retention posture
Customer-facing dashboard decision records	Signal source, decision outcome, policy flags, response code, timestamps	Developer: 30 days; Pro: 1 year; Enterprise: negotiated
Compliance audit records	Decision evidence retained for compliance support and service operation	May differ from dashboard availability; governed by Privacy Policy or signed agreement
Account and site configuration	Company name, user email, domains, DPA status, API key metadata	Retained while the account is active, then deleted subject to legal and operational requirements
Billing records	Plan, Stripe customer ID, subscription status, invoices handled by Stripe	Retained as needed for billing, tax, accounting, dispute, and legal obligations

Export Process

Use dashboard evidence views for current self-serve decision-record access.
For larger exports or enterprise workflows, contact support with the account, site, requested period, and desired format.
GPCGuard may verify requester authority before exporting customer data.
Exports are scoped to the requesting tenant and do not include other customer data.

Deletion Process

Customers can request account closure or deletion review through support. Some records may be retained when needed for legal, billing, security, audit, or operational obligations. Enterprise agreements can define custom deletion and retention handling.

Tenant Isolation

Dashboard data is tenant-scoped through authenticated user paths and database policy boundaries. Export and deletion work should be scoped to the requesting account and verified before release or removal.