This page explains how long we retain different types of data and what happens when you delete your account. It spans the full MailOdds platform: storefront orders and customers, payments and returns, the visitor identity graph, owned email and SMS/RCS sending, validation, and inbound processing. We follow the principle of storage limitation (AVG Art. 5(1)(e)): data is kept no longer than necessary for its purpose.
Retention Periods
| Data Type | Retention Period | On Account Deletion | Legal Basis |
|---|---|---|---|
| Account data | Duration of account | Deleted within 30 days | Contract (Art. 6(1)(b)) |
| Billing records | 7 years | Retained per fiscal law | Legal obligation (AWR Art. 52) |
| Bulk validation results | 7 days after job | Auto-expired | Processor agreement (Art. 28) |
| Store orders | Per merchant policy; tax window where applicable | Per merchant instruction | Processor agreement (Art. 28) |
| Store customers | Duration of account / per merchant policy | Erased on DSAR (order rows may be retained for tax) | Processor agreement (Art. 28) |
| Storefront visitor events | Configurable, default 365 days | Immediate | Consent / legitimate interest |
| Visitor identity graph & scores | Probabilistic links 30-day decay; email-anchored until erasure | Severed on erasure | Legitimate interest (Art. 6(1)(f)) |
| Contact / subscriber lists | Duration of account | Immediate | Processor agreement (Art. 28) |
| Campaign data & engagement events | Per merchant policy | Immediate | Processor agreement (Art. 28) |
| SMS/RCS opt-in records | 4 years | Retained for compliance proof | Consent + legal obligation (TCPA 47 CFR 64.1200) |
| SMS/RCS message logs | ~90 days | Immediate | Processor agreement (Art. 28) |
| Inbound messages (bounces/complaints/replies) | Up to 365 days (default ~90) | Immediate | Legitimate interest (deliverability) |
| Audit logs | Up to 2 years | Immediate | Legitimate interest (accountability) |
| API tokens | Duration of account | Revoked/deleted | Contract (Art. 6(1)(b)) |
| Server logs | 90 days | Rotated | Legitimate interest (security) |
What Happens When You Delete Your Account
When you delete your account through your dashboard settings, we perform a complete data deletion cascade covering all associated records across the platform, not just email. This process:
- Deletes all storefront orders and customer records (subject to the tax-retention exception below)
- Deletes all returns, refund records, and dispute evidence
- Severs the visitor identity graph: probabilistic device links, email-anchored links, and inferred intent/risk scores
- Deletes all storefront visitor events and SDK tracking data
- Deletes all SMS/RCS subscriber records and message logs (opt-in proof retained only where compliance law requires, see below)
- Deletes all email campaign data, sends, templates, and engagement events
- Deletes all contact lists and subscriber lists with their entries
- Deletes all inbound messages (bounces, complaints, replies)
- Deletes all validation jobs and results
- Revokes and deletes all API tokens
- Deletes all webhook configurations and delivery records
- Deletes all suppression entries and audit logs
- Disconnects and removes credentials for any connected store (Shopify, Salesforce)
- Cancels any active Stripe subscription and disconnects Stripe Connect payouts
- Permanently removes your user account
A 3-day cooldown period prevents immediate re-registration with the same email address (anti-abuse measure).
Data We Must Retain
Even after account deletion, certain data is retained where required by law:
- Billing records: Dutch fiscal law (Algemene wet inzake rijksbelastingen Art. 52) requires retention of financial records for 7 years. These records are maintained by our payment processor (Stripe).
- Storefront order rows: Where order records form part of the merchant's own fiscal or transaction-keeping obligations, individual order rows may be retained for the applicable tax-retention window even though customer profiles are erased.
- SMS/RCS opt-in proof: Records evidencing valid SMS/RCS consent (IP, user-agent, timestamp) are retained for 4 years to satisfy telemarketing-consent recordkeeping (TCPA, 47 CFR 64.1200) before being deleted.
- Consent evidence: Records proving that consent was validly obtained are retained for up to 2 years after withdrawal, as required for accountability under Art. 5(2) and Art. 7(1).
Configurable Retention
Account administrators can configure the retention period for tracking events (opens, clicks, web events) between 30 and 730 days. The default is 365 days. Auto-purge can be enabled to automatically delete data past the configured retention period. These settings are available at Settings > Privacy.
Additional Documentation
For more details about how we handle your data, see our Privacy Policy, Data Processing Agreement, and Data Subject Rights page. Additional compliance documentation (DPIAs, processing register, transfer impact assessments) is available upon request to dpo@mailodds.com.
Contact
- Privacy: privacy@mailodds.com
- Data Protection Officer: dpo@mailodds.com
- Address: Nassaukade 51-2, 1052CN Amsterdam, The Netherlands
- KVK: 99761246