Data Retention Policy
Last updated: 2026-04-28
This policy summarizes how long FleyeMaps retains different categories of customer data. It supplements the Privacy Policy and Data Processing Addendum and is binding on FleyeMaps' operations.
Retention table
| Category | Default retention | Notes |
|---|---|---|
| Flight position history | 90 days | Configurable per tenant via FLIGHT_HISTORY_TTL_DAYS. FleyeBack add-on extends to 14 days hot + 6 months cold. FleyeBack+ extends further. |
| Audit logs (admin actions, SSO config changes, billing events, deletion requests) | 730 days (2 years) | Pruned by the audit-log cron once the retention period has elapsed. Available for SOC 2 evidence. |
| Authentication sessions | 8 hours active, 30 days dormant | Idle sessions expire and are purged. |
| Stripe payment records | Indefinite | Held by Stripe per their PCI-DSS retention. FleyeMaps stores customer ID and subscription ID only. |
| Support tickets and comments | Indefinite while account is active; purged with account on GDPR deletion | |
| Soft-deleted records (links, alerts, API keys) | 30 days | Hard-deleted by the purge-deleted cron after the grace window. |
| Backups | 35 days | Azure Postgres point-in-time recovery; per-region geo-redundant. |
| Application logs (Application Insights traces) | 90 days | Configurable in Azure. |
| Marketing email subscribers (if opted in) | Until unsubscribe | Transactional emails are not subject to opt-in. |
Tenant-initiated deletion
When a tenant admin requests account deletion via the dashboard, the
account enters a 30-day cancellation grace period during which it can be
restored. After 30 days, the process-deletions cron permanently deletes
the tenant's Azure resources, database rows, and audit references. Stripe
billing records are retained per Stripe's policy.
Customer data export
Customers may export their data at any time from the dashboard
(/dashboard/settings). The export contains tenant configuration,
published links, alert rules, team members, support tickets, and the
most recent 1,000 flight history records as JSON.
Backups outside the retention window
Tenant data may persist briefly in encrypted backup snapshots beyond the retention windows above due to backup cadence. Backups are inaccessible to FleyeMaps staff except in disaster recovery scenarios and are permanently deleted no later than 35 days after the source row was deleted.
Legal hold
Where retention beyond the periods above is required for legal, regulatory, or contractual reasons (e.g. an active subpoena), the relevant data may be retained until the obligation lapses. Affected customers will be notified to the extent permitted by law.