Data Retention Policy
Status: ACTIVE Owner: Daan ([email protected]) Effective: 2026-04-20 Last reviewed: 2026-04-20 Next review: 2026-10-20
Purpose
Define how long rotor.sh retains customer data and system logs, and how data is deleted when it is no longer needed.
Scope
All customer data stored by rotor.sh: job history (Redis + Postgres), audit events, webhook delivery logs, billing records, and team/user PII.
Retention Schedule
| Data Type | Free | Pro | Team | Enterprise |
|---|---|---|---|---|
| Active jobs (Redis) | 7 days after completion | 30 days | 90 days | 365 days |
| job_history (Postgres archive) | 7 days | 30 days | 90 days | 365 days |
| audit_event | 1 year | 1 year | 1 year | 1 year (+ custom on request) |
| Webhook delivery logs | Same as job history | Same | Same | Same |
| Billing records (Stripe) | Indefinite (legal) | Indefinite | Indefinite | Indefinite |
| Team / user PII | Until account deletion + 30 days | Same | Same | Same |
| COGS daily metrics | 2 years | N/A | N/A | 2 years |
Notes
- Retention enforcement: The nightly history archiver (
0 2 * * *UTC) moves completed/failed jobs from Redis to thejob_historyPostgres table according to the workspace's plan retention. After the retention period, jobs are permanently deleted from the archive. - Partition cleanup: Monthly Postgres partitions for
audit_eventandjob_historyolder than the applicable retention period are dropped by the monthly partition preflight job. - Enterprise custom retention: Enterprise customers with contractual requirements beyond 365 days should contact [email protected] to arrange a custom export pipeline.
PII Handling
- PII is redacted at the Guardrail Engine layer before job payloads reach workers (when
pii_redaction_enabled = truein the workspace guardrail config). - Auth PII (email, user_id) stored in Supabase
auth.usersis deleted within 30 days of account deletion via Supabase auth admin API. - Stripe billing PII is retained per Stripe's own retention policy (Stripe is the controller for payment card data; Rotor is a processor).
Data Deletion Requests
Customers may request deletion of their workspace data by emailing [email protected]. Rotor will acknowledge within 5 business days and complete deletion within 30 days (or within the timeframe required by applicable law).
Deletion covers:
- All jobs, job history, and audit events for the workspace
- Webhook endpoints and delivery history
- COGS daily metrics (if Enterprise)
- Team members and API keys
Deletion does NOT cover:
- Billing records required for legal/tax purposes (retained 7 years)
- Anonymized aggregate metrics that cannot identify the workspace
Review Cadence
Reviewed annually. Next review: 2026-10-20.