Trust & Compliance

Data Retention Schedule

Transparency about how long we keep your data and why

Transparent Retention Right to Erasure Automated Deletion

FoxtInn retains data only as long as necessary for legitimate business and legal purposes. This schedule applies to all data processed by FoxtInn as both data controller and processor.

1. Customer Account Data

Data TypeRetention PeriodLegal BasisNotes
Account registration (name, email, phone)Duration of account + 30 days post-terminationContract performanceExported within 30-day window
Billing & payment records7 years after last transactionLegal obligation (IRS, SOX)Required for tax/audit compliance
Subscription historyDuration of account + 7 yearsLegal obligationIncludes plan changes, invoices
Support tickets & communications3 years after resolutionLegitimate interestQuality assurance, dispute resolution
Login & authentication logs180 daysLegitimate interest / SecurityFraud detection, access auditing
Account preferences & settingsDuration of accountContract performanceDeleted with account

2. Staff/Employee Data (Processed as Processor)

Data TypeRetention PeriodLegal BasisNotes
Employee profiles (name, role, contact)Duration of employment + Customer-configured retentionCustomer instruction (processor)Customer controls retention settings
Scheduling records24 months rolling defaultCustomer instructionConfigurable by Customer
Time & attendance logs36 months rolling defaultCustomer instruction / Legal obligationLabor law compliance varies by jurisdiction
Performance notesDuration of employmentCustomer instructionCustomer may configure shorter period
Training recordsDuration of employment + 12 monthsCustomer instruction / Legal obligationRegulatory compliance documentation

3. Guest Data (Processed as Processor)

Data TypeRetention PeriodLegal BasisNotes
Guest profiles (name, email, phone)12 months after last stay (default)Customer instructionCustomer configurable: 6/12/24 months
Check-in/check-out records24 monthsCustomer instruction / Legal obligationTax, hospitality regulation compliance
Guest preferences & requests12 months after last stayCustomer instructionDeleted with guest profile
ID verification data30 days after checkoutCustomer instruction / Legal obligationLocal ID laws may require longer
Guest feedback & reviewsDuration of Customer accountCustomer instructionAnonymized on guest profile deletion
Payment card dataNOT STORED by FoxtInnN/AProcessed directly by Stripe (PCI DSS)

4. Operational & AI Data

Data TypeRetention PeriodLegal BasisNotes
AI query logs (LALA interactions)90 daysLegitimate interestService improvement, debugging. No model training.
AI-generated outputs (reports, summaries)Duration of Customer accountContract performanceCustomer-owned content
Audit logs (admin actions)180 daysSecurity / Legal obligationCompliance monitoring
System performance logs90 daysLegitimate interestInfrastructure monitoring
Error & crash reports90 daysLegitimate interestBug fixing, stability

5. Marketing & Analytics Data

Data TypeRetention PeriodLegal BasisNotes
Website analytics (GA4)14 months (Google default)ConsentAggregated, IP-anonymized
Cookie consent records12 monthsLegal obligation (GDPR Art. 7)Proof of consent
Marketing email interactions24 months after last interactionConsent / Legitimate interestUnsubscribe honored immediately
Marketing pixel data (Meta, LinkedIn)Per platform retention policyConsentOpt-out available via cookie settings
Lead/contact form submissions24 monthsLegitimate interestBusiness development

6. Post-Termination Data Handling

  • 30-day export window: Customer may export all data via platform tools or request via support
  • 30 days post-termination: All Customer data deleted from production systems
  • 90 days post-termination: All Customer data purged from backups
  • Destruction certificate: Available on request confirming complete data deletion
  • Exceptions: Data required by law (tax records, audit logs) retained per legal minimums

7. Automated Deletion Processes

FoxtInn implements automated data lifecycle management:

  • Guest data automatic purge based on Customer-configured retention window
  • Session data automatic expiry (15-minute JWT tokens, session cookies)
  • Temporary files purged within 24 hours
  • Failed upload data purged within 7 days
  • Soft-deleted records hard-deleted after 30-day grace period

8. Your Rights Regarding Data Retention

  • Right to Erasure: Request deletion under GDPR Art. 17, CCPA, LGPD, or other applicable law
  • Right to Restriction: Request we limit processing while retaining data (GDPR Art. 18)
  • Right to Object: Object to processing based on legitimate interest (GDPR Art. 21)
  • Data Portability: Export data in machine-readable format before deletion
  • Contact: privacy@foxtcon.com
  • See also: International Privacy Rights for jurisdiction-specific timelines

9. Legal Hold & Exceptions

Data may be retained beyond standard periods when:

  • Subject to active legal proceedings
  • Required by court order or regulatory investigation
  • Necessary for fraud prevention in ongoing investigation
  • Required by tax/financial audit

Customers are notified when legal hold affects their data (unless prohibited by law).

10. Updates

Last updated: April 13, 2026. Reviewed quarterly.