Data Retention Policy
Last Modified: February 2026
1. Purpose
This Data Retention Policy describes how Starbox Group GmbH ("Starbox", "we", "us") retains and deletes data across our Vaultbrix database-as-a-service platform. This policy ensures compliance with:
- Swiss Federal Act on Data Protection (nFADP/LPD)
- EU General Data Protection Regulation (GDPR) - data minimization principle
- Swiss tax and commercial law (OR 958f)
- SOC 2 Type II requirements
Data Minimization Principle
We retain data only as long as necessary for the stated purpose or legal obligation. When retention periods expire, data is securely deleted.
2. Retention Schedule Overview
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Customer Databases | Subscription + 30 days | Contract |
| Account Information | Account active + 30 days | Contract |
| Billing Records | 10 years | Swiss OR 958f |
| Database Backups | Per plan (7-90 days) | Contract/SLA |
| Access Logs | 90 days | Security/Legitimate Interest |
| Audit Logs | 1 year | SOC 2 Compliance |
| Security Incident Logs | 3 years | Legal/Forensics |
| Support Tickets | 2 years | Service Quality |
| AI Agent Memory | Subscription + 30 days | Contract |
3. Customer Data
3.1 Databases and Storage
Retention: Subscription Duration + 30 Days
Your databases, storage buckets, and edge functions are retained for the duration of your subscription plus a 30-day grace period.
- Active subscription: Data retained indefinitely
- Subscription cancelled: 30-day export window
- After 30 days: Permanent deletion from active systems
- Backups purged: Within 60 days of termination
3.2 Backup Retention by Plan
| Plan | Backup Type | Retention |
|---|---|---|
| Free | Daily snapshots | 7 days |
| Starter | PITR (Point-in-Time Recovery) | 7 days |
| Pro | PITR | 14 days |
| Business | PITR | 30 days |
| Enterprise | PITR | 90 days (customizable) |
3.3 AI Context Engine Data
- Schema metadata: Retained while subscription is active, deleted with account
- Agent Memory (decisions, learnings): Retained per subscription + 30 days
- Context query logs: 30 days for debugging, then deleted
4. Account and Administrative Data
4.1 Account Information
- Email, name, organization: Duration of account + 30 days
- Authentication data: Deleted immediately upon account closure
- OAuth tokens: Revoked and deleted upon disconnection
4.2 Billing Records
Legal Retention: 10 Years
Swiss commercial law (OR 958f) requires retention of financial records for 10 years from the end of the fiscal year.
- Invoices: 10 years
- Payment records: 10 years
- Credit notes: 10 years
- Tax documentation: 10 years
Note: Payment card data is not stored by Vaultbrix; it is processed directly by Stripe (PCI-DSS Level 1 certified).
5. Logs and Monitoring
5.1 Access Logs
- API request logs: 90 days
- Authentication logs: 90 days
- IP addresses: 90 days
Access logs are used for security monitoring, debugging, and abuse prevention.
5.2 Audit Logs
- Administrative actions: 1 year
- Database DDL changes: 1 year
- Permission changes: 1 year
- Project creation/deletion: 1 year
Audit logs support SOC 2 compliance and security investigations.
5.3 Security Incident Logs
- Incident reports: 3 years
- Forensic data: 3 years (or longer in case of legal proceedings)
- Breach notifications: 3 years
6. Communications
6.1 Support Tickets
- Ticket content: 2 years from closure
- Associated files: 2 years from closure
6.2 Marketing Communications
- Consent records: Duration of consent + 3 years
- Unsubscribe requests: Permanently maintained
7. Data Deletion Procedures
7.1 Automatic Deletion
Data is automatically deleted when retention periods expire. Deletion jobs run daily at 04:00 CET.
7.2 Secure Deletion Methods
Secure Erasure Standards
All deletions follow NIST SP 800-88 guidelines for media sanitization.
- Database data: PostgreSQL TRUNCATE with WAL cleanup
- Object storage: S3 object deletion with bucket lifecycle policies
- Backups: Encrypted backup files deleted from storage
- Logs: Log rotation and secure deletion
7.3 Deletion Verification
- Automated verification jobs confirm deletion completion
- Deletion logs maintained for audit purposes (1 year)
- Upon request, we can provide deletion confirmation certificates
8. Data Subject Rights
8.1 Right to Erasure (Right to be Forgotten)
You may request deletion of your data at any time. To exercise this right:
- Email privacy@starbox-group.com with your request
- We will verify your identity
- Eligible data will be deleted within 30 days
- You will receive confirmation of deletion
8.2 Exceptions to Erasure
Certain data cannot be deleted immediately due to legal obligations:
- Billing records (10-year Swiss tax requirement)
- Security incident records (if under investigation)
- Data subject to legal hold or litigation
8.3 Data Portability
Before account deletion, you can export your data via:
- Dashboard export feature
- PostgreSQL pg_dump via connection string
- Storage bucket download via S3 API
9. Legal Holds
When litigation or regulatory investigation is anticipated:
- Relevant data is placed on legal hold
- Normal deletion procedures are suspended for that data
- The hold is maintained until the legal matter is resolved
- You will be notified if your data is subject to legal hold (unless prohibited by law)
10. Data Location
Swiss Data Residency
All customer data, backups, and logs are stored exclusively in Switzerland at Infomaniak's Geneva data center.
11. Policy Updates
This policy may be updated periodically. Material changes will be communicated via email with 30 days' notice. The current version is always available at this URL.
12. Contact
For questions about data retention or deletion requests:
Email: privacy@starbox-group.com
Address: Starbox Group GmbH, 1288 Geneva, Switzerland