This page explains how long we retain different types of data and what happens when you delete your account. We follow the principle of storage limitation (AVG Art. 5(1)(e)): data is kept no longer than necessary for its purpose.
Retention Periods
| Data Type | Retention Period | On Account Deletion | Legal Basis |
|---|---|---|---|
| Account data Email, name, settings | Duration of account | Deleted within 30 days | Contract (Art. 6(1)(b)) |
| Billing records Invoices, payment history | 7 years | Retained per fiscal law | Legal obligation (AWR Art. 52) |
| Validation results Bulk job results | 7 days after completion | Already expired or deleted | Processor agreement |
| Contact lists Names, emails, addresses | Duration of account | Deleted immediately | Processor agreement |
| Subscriber data Subscribers, consent records | Duration of account | Deleted immediately | Processor agreement |
| Campaign data Sends, templates | Duration of account | Deleted immediately | Processor agreement |
| Tracking events Opens, clicks, web events | Configurable: 30 to 730 days (default 365) | Deleted immediately | Processor agreement |
| Inbound messages Bounces, complaints, replies | Up to 365 days | Deleted immediately | Processor agreement |
| Audit logs Actions, IP addresses | 2 years maximum | Deleted immediately | Legitimate interest (accountability) |
| API tokens Token prefix, usage stats | Duration of account | Revoked and deleted | Contract (Art. 6(1)(b)) |
| Server logs Request logs, error logs | 90 days | Rotated automatically | Legitimate interest (security) |
What Happens When You Delete Your Account
When you delete your account through your dashboard settings, we perform a complete data deletion cascade covering all associated records. This process:
- Deletes all tracking events, web events, and engagement data
- Deletes all inbound messages (bounces, complaints, replies)
- Deletes all campaign data, sends, and templates
- Deletes all contact lists and subscriber lists with their entries
- Deletes all validation jobs and results
- Revokes and deletes all API tokens
- Deletes all webhook configurations and delivery records
- Deletes all suppression entries and audit logs
- Cancels any active Stripe subscription
- Permanently removes your user account
A 3-day cooldown period prevents immediate re-registration with the same email address (anti-abuse measure).
Data We Must Retain
Even after account deletion, certain data is retained where required by law:
- Billing records: Dutch fiscal law (Algemene wet inzake rijksbelastingen Art. 52) requires retention of financial records for 7 years. These records are maintained by our payment processor (Stripe).
- Consent evidence: Records proving that consent was validly obtained are retained for up to 2 years after withdrawal, as required for accountability under Art. 5(2) and Art. 7(1).
Configurable Retention
Account administrators can configure the retention period for tracking events (opens, clicks, web events) between 30 and 730 days. The default is 365 days. Auto-purge can be enabled to automatically delete data past the configured retention period. These settings are available at Settings > Privacy.
Additional Documentation
For more details about how we handle your data, see our Privacy Policy, Data Processing Agreement, and Data Subject Rights page. Additional compliance documentation (DPIAs, processing register, transfer impact assessments) is available upon request to dpo@mailodds.com.
Contact
- Privacy: privacy@mailodds.com
- Data Protection Officer: dpo@mailodds.com
- Address: Nassaukade 51 2, 1052CN Amsterdam, The Netherlands
- KVK: 99761246