Policy Centre
Data retention

Keep what is needed. Remove what is not.

Last updated 13 July 2026. Retention is based on service need, safety, legal duties, and storage limitation.

Retention schedule

Active account and dog profileAccount, selected park, dog profiles, settings, matches, conversations, and meetups.Kept while the account is active, then deleted or anonymised through the account-deletion workflow unless a narrow exception applies.
Verification and reset recordsHashed token, email, type, creation, expiry, and use state.Email-verification links expire after 24 hours; password-reset links expire after one hour. Expired records are eligible for routine removal.
Deletion and rights requestsRequest details, identity checks, decision, and completion evidence.Normally retained for up to 24 months after closure for accountability, unless a legal claim or obligation requires longer.
Security and administrator auditMinimised event facts, timestamps, actor, target, user agent, and hashed IP context.Operational target of up to 24 months, reviewed sooner where data is no longer needed; valid legal holds may extend this.
Reports, blocks, moderation, and incidentsReport content, evidence, actions, reasons, and appeal outcome.Open matters are kept until resolved. Closed records are reviewed under a 24-month operational target, subject to safety, legal-claim, and authority-request needs.
Emergency safety statementsEncrypted statement and supplied contact details.Restricted and reviewed for necessity. A record may be retained while a credible safety matter, legal obligation, or claim remains active; otherwise it follows the documented safety-record schedule.
Notifications and device tokensPush token, app version, preference, and delivery outcome.Removed when disabled, when the account is deleted, or when no longer needed to provide notifications. Old delivery records are eligible for periodic removal.
Encrypted backupsPoint-in-time database copies used for recovery.Production target of 30 days, with automatic rotation. Deletion from live data propagates as older backups expire.
Optional web analyticsConsent-based usage and performance data where enabled.Controlled through the configured analytics provider and removed or aggregated according to its configured retention period.

Deletion exceptions

A deletion request does not require removal where continued processing is lawfully necessary, for example to comply with a legal obligation, establish or defend a legal claim, protect another person's rights, preserve a serious safety investigation, or prevent documented fraud or block evasion. Any exception must be specific, proportionate, access-restricted, documented, and reviewed. It is not a reason to keep an entire account indefinitely.

Anonymous information

Statistics that have been irreversibly anonymised so no person is identifiable may be kept to understand service reliability, county coverage, moderation workload, and safety trends. Pseudonymous identifiers and hashed network context are still treated as personal data where they can be linked back to a person.

Questions and requests

Email dev@prints3d.org or use the selected-data deletion form.