Data Retention and Deletion
Data Retention and Deletion Policy
Last updated: 2026-05-02
This policy explains how Cloudless approaches retention and deletion of account, billing, support, and service-related data.
1. Scope
This policy applies to information controlled by ROHIT KUMAR in connection with the Cloudless website, account system, billing records, support records, and service operations.
2. User Backup Data
Cloudless is designed around a bring-your-own-storage model. Backup data is generally stored with the user's chosen storage provider, subject to that provider's infrastructure and the user's own configuration choices.
Cloudless may process or retain limited service metadata required to support backup, restore, licensing, security, and operational functionality.
3. Account and Billing Records
We may retain account, subscription, invoice, and tax-related records for as long as reasonably necessary to:
- provide the service
- maintain billing history
- comply with legal, tax, and accounting requirements
- investigate fraud, abuse, and disputes
4. Support Records
Support emails, tickets, and related communications may be retained for service quality, training, fraud prevention, and dispute resolution.
5. Security and Operational Logs
We may retain operational and security logs for limited periods appropriate to:
- maintain service reliability
- investigate incidents
- prevent abuse
- comply with legal obligations
5a. Retention Targets
The table below describes Cloudless's target retention windows for the main categories of data we control. These are operational targets, not contractual guarantees, and individual records may be retained for longer where required by law, by an active investigation, or by an unresolved billing or legal dispute.
| Data category | Target retention window |
|---|---|
| Active account profile (email, name, settings) | For the life of the account, plus up to 30 days after deletion request |
| Encrypted DEK and key metadata | For the life of the account; deleted with the account |
| Backup operational metadata (file versions, sizes, hashes, device IDs) | For the life of the account; deleted with the account |
| Invoices, billing records, and tax records | Up to 7 years after the relevant transaction, or the period required by applicable tax law, whichever is longer |
| Payment processor identifiers (e.g. customer IDs) | For the life of the account, plus the period required for financial reconciliation |
| Support tickets and email correspondence | Up to 3 years after the ticket is closed |
| Application and access logs | Up to 90 days under normal operation |
| Security and audit logs | Up to 12 months, longer if relevant to an open incident or investigation |
| Web server / website request logs | Up to 30 days |
| Backup chunks in user-controlled object storage | Controlled by the user; not deleted by Cloudless when the account is deleted unless the user instructs otherwise |
6. Account Deletion
Users may request deletion of their Cloudless account by contacting
support@trycloudless.io.
When an account deletion request is processed, we will take reasonable steps to delete or de-identify personal data that we are not required to keep.
We may still retain some information where necessary for:
- legal compliance
- tax and accounting obligations
- fraud prevention
- dispute resolution
- enforcement of our agreements
7. User-Controlled Storage Deletion
Because users control their chosen storage provider accounts, deletion of backups stored with third-party providers may require action by the user within the application or directly within the third-party storage account.
8. Changes
We may update this policy from time to time by posting a revised version on the website.
9. Contact
For data retention or deletion questions, contact:
support@trycloudless.io