> ## Documentation Index
> Fetch the complete documentation index at: https://docs.squid.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Retention & Deletion Schedule

> What data we keep, for how long, and when/how it’s securely deleted.

*Last updated: June, 22, 2026*

Squid Academy retains personal data only for as long as it is needed for the purposes described in our [<u>Privacy Policy</u>](https://docs.google.com/document/u/6/d/1pJDPGOXueYFzt81Wzzv25-04_nuPi3seArJJkqm_d_4/edit) and to meet legal, contractual, and operational requirements.

This page summarizes the main retention periods and deletion procedures referenced in Section 12 of our [<u>Privacy Policy</u>](https://docs.google.com/document/u/6/d/1pJDPGOXueYFzt81Wzzv25-04_nuPi3seArJJkqm_d_4/edit) and Section 8 of our [<u>Data Processing Addendum</u>](https://docs.google.com/document/u/6/d/1IXgzc8vsrTkkPtnwghZ2pHGoR_ZyCeKdo2db0m7dNsw/edit).

## **1. Key Principles**

* **Purpose limitation** – We keep personal data only for as long as necessary for the specific purpose it was collected.
* **Legal obligations** – Some data must be retained for statutory reasons (e.g., tax, accounting, or child protection laws).
* **Customer instructions** – For organization-provisioned accounts, we follow the controller’s instructions for retention and deletion under our DPA.
* **Secure deletion** – When data is no longer needed, it is securely deleted or anonymized.

## **2. Standard Retention Periods**

| **Data Category**                   | **Examples**                               | **Standard Retention**                                                    | **Deletion / Anonymization Method**                                |
| :---------------------------------- | :----------------------------------------- | :------------------------------------------------------------------------ | :----------------------------------------------------------------- |
| **Account Data (Public Users)**     | Name, email, profile info                  | Kept until account deletion request or 24 months of inactivity            | Secure database deletion; backups overwritten within 35 days       |
| **Account Data (Org-Provisioned)**  | Name, username, org affiliation            | Retained until controller instructs deletion or contract ends             | Deleted per controller request; backups overwritten within 35 days |
| **Course & Activity Data**          | Assignments, grades, attendance            | Retained while account is active; deleted within 12 months after deletion | Secure deletion from LMS & storage systems                         |
| **Tournament Data**                 | Player IDs, match stats, leaderboards      | Kept for active season + 12 months                                        | Purged from tournament platform; anonymized for analytics          |
| **Payment & Billing Data**          | Billing name, address, transaction history | 7 years (tax & accounting compliance)                                     | Secure deletion from billing system                                |
| **Support & Communication Records** | Emails, chat transcripts, support tickets  | 24 months after case closure                                              | Secure deletion from ticketing platform                            |
| **Security Logs**                   | Login history, IP addresses, device info   | 12 months (security & fraud prevention)                                   | Automatic purge from log management system                         |
| **Marketing Data**                  | Newsletter sign-ups, marketing preferences | Until withdrawal of consent or inactivity for 24 months                   | Removed from CRM/email platform                                    |

## **3. Backup Data**

* Backups are retained for 35 days unless otherwise required by law or contract.
* Deleted data may remain in backups until the backup cycle expires. Backups are encrypted, and access is restricted.

## **4. Deletion Process**

1. **Trigger** – Retention period expires or a valid deletion request is received.
2. **Verification** – Confirm identity of requester (public users) or confirm request with controller (org-provisioned).
3. **Deletion** – Remove data from active systems.
4. **Backup purge** – Data naturally removed as backup cycles expire.
5. **Confirmation** – For DSR requests, confirmation sent to requester or controller.

## **5. Exceptions**

Some data may be retained beyond standard periods:

* To comply with legal obligations.
* To resolve disputes or enforce agreements.
* For ongoing investigations into misuse or violations.

## **6. Contact**

For questions about data retention or deletion: email [<u>privacy@squid.gg</u>](mailto:privacy@squid.gg) or [<u>Submit a Privacy Request</u>](https://drive.google.com/open?id=1IwxaKEtOAeDeaGgC6E3I_nLwY4zKsBp2XVnW1S_0gew)
