Compliance Guide

Data Retention & GDPR Erasure

What Kontraktr™ stores, how long it keeps it, and exactly what happens when a customer asks you to delete their data — step by step.

Default Retention Periods

Kontraktr™ automatically purges old operational data on a schedule.

These limits apply to internal operational records — not to your core business data (jobs, invoices, customers). Core business data is kept until you explicitly delete it.

Data Type	Kept For	Why That Long
Activity Logs	365 days	1 year of audit trail covers most internal reviews and dispute windows
Notifications	90 days	Read/unread alerts aren't needed after a quarter; keeps the DB lean
Chat Messages	730 days	2 years covers typical business record-keeping expectations for internal comms
Webhook Logs	90 days	Debugging window for integration issues; older entries have no operational value
AI Usage Logs	365 days	Needed to enforce plan quotas and review usage patterns year-over-year

Note: Jobs, invoices, customers, mockups, and files are not touched by the retention cleanup. They stay until you manually delete them or submit a GDPR erasure request.

Running a Data Cleanup

Manually purge records that have passed their retention window.

Kontraktr™ doesn't run an automatic nightly cleanup by default — you trigger it when it makes sense for your shop. Admins only.

1Go to Settings → Data & Privacy.
2The page shows how many records are currently eligible for cleanup based on the retention policy above.
3Click Run Cleanup. The action deletes eligible activity logs and notifications and logs the event in your audit trail.
4A confirmation shows how many records were deleted per type.

Tip: Run cleanup once a month or before a big database export to keep Postgres fast. Activity logs are usually the largest table in high-volume shops.

Watch out: Cleanup is permanent and irreversible. There is no undo. Download an export or note any records you need before running it.

GDPR "Right to Erasure" (Article 17)

What happens when a customer asks you to delete all their data.

Under GDPR and similar privacy laws (CCPA, UK GDPR), individuals can request that you permanently delete all personal data you hold about them. Kontraktr™ gives you a one-click tool to honour that request completely.

The erasure removes everything linked to that customer in a single cascading operation. Here's exactly what gets deleted:

What Gets Deleted	Includes
Invoice Line Items	Every line item on every invoice for this customer
Invoices	All invoices (paid, unpaid, draft) tied to this customer
Mockups	All design mockups linked to this customer's jobs
Jobs	All jobs (every status, including completed orders)
Customer Record	Company name, contact info, notes, portal access slug

Watch out: Erasure is permanent. There is no recycle bin. Once you confirm, the data is gone from the database immediately. Export anything you need for your own legal records first (see below).

How to Execute an Erasure Request

Step-by-step — from customer request to confirmed deletion.

1
Verify the request
Confirm the requester is actually the customer (or their authorised representative). Check their email against the record in Kontrol™. For GDPR purposes, you must respond within 30 days of a valid request.
2
Export what you need first
Download the customer's invoice PDFs and any job records your accountant or lawyer needs. Once you run erasure, those records are gone. Most shops keep invoice PDFs for 7 years for tax purposes — store them in your own secure file system.
3
Open Settings → Data & Privacy
You must be logged in as an Admin. Managers and other roles cannot perform erasures.
4
Find the customer and click "Erase Customer Data"
Search for the customer by name or email. A confirmation dialog will appear showing exactly what will be deleted.
5
Type the confirmation phrase: "DELETE ALL DATA"
This exact phrase is required to prevent accidental erasure. Copy-paste works fine.
6
Confirm and wait
The operation takes a few seconds for large accounts. You'll see a summary of exactly how many records were deleted in each category.
7
Send the customer a deletion confirmation
GDPR requires you to notify the requester that erasure is complete. Use the email template below.

Deletion Confirmation Email Template

Send this to the requester after erasure is complete.

GDPR Article 17(3) requires you to inform the data subject that their erasure request has been fulfilled. Here's a plain-language template you can copy.

Subject: Your data deletion request — [Your Shop Name]

Hi [Customer Name],

We've completed your request to delete all personal data associated with your account at [Your Shop Name].

As of [Date], the following has been permanently removed from our systems:

Your contact information and account record
All jobs and orders associated with your account
All invoices and billing records
All files and design mockups linked to your account

Please note that we may retain certain records where required by law (e.g., tax records mandated by [your jurisdiction]). If you have any questions, reply to this email or contact us at [your email].

Kind regards,
[Your Name]
[Your Shop Name]

Note: Replace the bracketed fields with your shop details. Keep a copy of this email in your own records — it's your proof of compliance.

What's NOT Deleted by Erasure

Some records survive — here's why and what to do about them.

Two types of records persist after a customer erasure. Both are intentional.

Activity Log entries that reference the customer

Why: Activity logs record admin actions (e.g., "Admin ran GDPR erasure for Acme Corp"). Deleting the audit trail of the erasure itself would undermine the compliance record. These entries contain the customer's name at time of deletion but no other personal data.

Action: No action needed. The GDPR erasure log entry is itself your proof of compliance and is subject to the 365-day activity log retention window.

Stripe payment records

Why: Payment data lives in Stripe, not in Kontrol™'s database. Kontraktr™ only stores a Stripe customer ID. Stripe is legally required to retain payment records for fraud and financial regulation compliance.

Action: If the customer requests Stripe data deletion, direct them to your Stripe dashboard or instruct them to contact Stripe support directly. This is outside Kontraktr™'s scope.

Your Obligations as the Data Controller

Kontraktr™ is the processor. You're the controller. Here's what that means in practice.

Under GDPR, you (the shop owner) are the data controller — you decide what customer data to collect and why. Kontraktr™ is the data processor — it stores and processes that data on your behalf. The Data Processing Agreement at /public/dpa formalises this relationship.

As controller, you must:

Respond to erasure requests within 30 calendar days of receipt (GDPR Article 12)
Maintain your own record that the erasure was performed and when (keep the confirmation email you send to the customer)
Inform the customer if you cannot fulfill the request within 30 days and give a reason
Keep financial records (invoices, tax documents) for the period required by your local jurisdiction — typically 5–7 years — even after customer data is erased. Export these before running erasure.
Have a posted Privacy Policy that discloses what data you collect and how individuals can request erasure. Link it from your customer portal.

Watch out: This guide is operational documentation, not legal advice. Have a lawyer review your specific obligations before handling erasure requests from EU or California residents. Questions? Email legal@kontraktr.io.

Erasure Request Checklist

Verify the requester's identity (email match in Kontrol™)
Export invoice PDFs and any records required for tax compliance
Log into Kontrol™ as Admin
Navigate to Settings → Data & Privacy
Search for the customer → click "Erase Customer Data"
Type "DELETE ALL DATA" and confirm
Note the deletion summary (records deleted per category)
Send the customer a written deletion confirmation within 30 days
File your copy of the confirmation email

Role-Based Access Control Scenarios

Who can see what — including admin-only features like data retention.

Data Processing Agreement

The formal DPA between your shop and Kontraktr™ covering GDPR obligations.

Customer Portal Guide

How customers access their jobs and invoices — and what data they can see.

Still have questions about data or compliance? Email legal@kontraktr.io

Loading…

Data Type

Kept For

Why That Long

Activity Logs

365 days

1 year of audit trail covers most internal reviews and dispute windows

Notifications

90 days

Read/unread alerts aren't needed after a quarter; keeps the DB lean

Chat Messages

730 days

2 years covers typical business record-keeping expectations for internal comms

Webhook Logs

90 days

Debugging window for integration issues; older entries have no operational value

AI Usage Logs

365 days

Needed to enforce plan quotas and review usage patterns year-over-year

What Gets Deleted

Includes

Invoice Line Items

Every line item on every invoice for this customer

Invoices

All invoices (paid, unpaid, draft) tied to this customer

Mockups

All design mockups linked to this customer's jobs

Jobs

All jobs (every status, including completed orders)

Customer Record

Company name, contact info, notes, portal access slug

Data Retention & GDPR Erasure

Default Retention Periods

Running a Data Cleanup

GDPR "Right to Erasure" (Article 17)

How to Execute an Erasure Request

Deletion Confirmation Email Template

What's NOT Deleted by Erasure

Your Obligations as the Data Controller

Erasure Request Checklist

Related Articles

Data Retention & GDPR Erasure

Default Retention Periods

Running a Data Cleanup

GDPR "Right to Erasure" (Article 17)

How to Execute an Erasure Request

Deletion Confirmation Email Template

What's NOT Deleted by Erasure

Your Obligations as the Data Controller

Erasure Request Checklist

Related Articles