Last updated: [Month DD, YYYY] Squid Academy retains personal data only for as long as it is needed for the purposes described in our Privacy Policy and to meet legal, contractual, and operational requirements. This page summarizes the main retention periods and deletion procedures referenced in Section 12 of our Privacy Policy and Section 8 of our Data Processing Addendum.Documentation Index
Fetch the complete documentation index at: https://docs.squid.gg/llms.txt
Use this file to discover all available pages before exploring further.
1. Key Principles
- Purpose limitation – We keep personal data only for as long as necessary for the specific purpose it was collected.
- Legal obligations – Some data must be retained for statutory reasons (e.g., tax, accounting, or child protection laws).
- Customer instructions – For organization-provisioned accounts, we follow the controller’s instructions for retention and deletion under our DPA.
- Secure deletion – When data is no longer needed, it is securely deleted or anonymized.
2. Standard Retention Periods
| Data Category | Examples | Standard Retention | Deletion / Anonymization Method |
|---|---|---|---|
| Account Data (Public Users) | Name, email, profile info | Kept until account deletion request or 24 months of inactivity | Secure database deletion; backups overwritten within 35 days |
| Account Data (Org-Provisioned) | Name, username, org affiliation | Retained until controller instructs deletion or contract ends | Deleted per controller request; backups overwritten within 35 days |
| Course & Activity Data | Assignments, grades, attendance | Retained while account is active; deleted within 12 months after deletion | Secure deletion from LMS & storage systems |
| Tournament Data | Player IDs, match stats, leaderboards | Kept for active season + 12 months | Purged from tournament platform; anonymized for analytics |
| Payment & Billing Data | Billing name, address, transaction history | 7 years (tax & accounting compliance) | Secure deletion from billing system |
| Support & Communication Records | Emails, chat transcripts, support tickets | 24 months after case closure | Secure deletion from ticketing platform |
| Security Logs | Login history, IP addresses, device info | 12 months (security & fraud prevention) | Automatic purge from log management system |
| Marketing Data | Newsletter sign-ups, marketing preferences | Until withdrawal of consent or inactivity for 24 months | Removed from CRM/email platform |
3. Backup Data
- Backups are retained for 35 days unless otherwise required by law or contract.
- Deleted data may remain in backups until the backup cycle expires. Backups are encrypted and access is restricted.
4. Deletion Process
- Trigger – Retention period expires or a valid deletion request is received.
- Verification – Confirm identity of requester (public users) or confirm request with controller (org-provisioned).
- Deletion – Remove data from active systems.
- Backup purge – Data naturally removed as backup cycles expire.
- Confirmation – For DSR requests, confirmation sent to requester or controller.
5. Exceptions
Some data may be retained beyond standard periods:- To comply with legal obligations.
- To resolve disputes or enforce agreements.
- For ongoing investigations into misuse or violations.