Retention & Deletion Policy¶
Purpose¶
This policy sets out how long Trove retains different categories of data, and how that data is deleted when it is no longer needed. It supports our obligations under the Australian Privacy Act, the GDPR storage limitation principle, and applicable financial and employment record-keeping laws.
The core principle is simple: we keep data for as long as we need it, and no longer.
Scope¶
This policy applies to all personal and business data held by Trove across its systems, including but not limited to:
- Brand and customer account data
- Gift recipient personal data
- Payment and transaction records
- System and access logs
- Support and communication records
Retention Schedule¶
Brand & Customer Account Data¶
Data relating to brand accounts - including account details, store configuration, contact information, and correspondence.
| Status | Retention Period |
|---|---|
| Active account | Retained for the duration of the account |
| Account closed | Retained for 3 years after account closure |
After the retention period, account data is deleted unless there is an ongoing legal obligation to retain it (e.g. an active dispute or regulatory investigation).
Gift Recipient Personal Data¶
Personal data collected about gift recipients - including names, email addresses, and delivery addresses - in connection with gifting transactions.
| Data | Retention Period |
|---|---|
| Recipient personal data | Retained for 2 years from the date of the associated gifting transaction |
After 2 years, recipient personal data is deleted or anonymised unless the recipient has an active account or there is another lawful basis for retention.
GDPR - Right to Erasure
Recipients located in the EU/EEA may request deletion of their personal data at any time under the GDPR right to erasure. See the Data Subject Rights Procedure for how these requests are handled.
Payment & Transaction Records¶
Trove does not store cardholder data. Payment processing is handled entirely by Stripe.
For bank transfer payments, Trove retains the following:
| Data | Retention Period |
|---|---|
| Bank transfer payment details and order records | 7 years from the date of the transaction |
The 7-year period reflects the requirement under Australian tax law to retain financial and GST records.
System & Access Logs¶
Logs generated by Trove's infrastructure and applications, including Sentry, AWS CloudWatch, and access logs.
| Log Type | Retention Period |
|---|---|
| Application error logs (Sentry) | 90 days |
| Infrastructure and access logs (AWS CloudWatch) | 12 months |
| Security and audit logs | 2 years |
Security and audit logs are retained for longer to support incident investigation and compliance audits.
Support & Communication Records¶
Records of customer support interactions and business communications.
| Data | Retention Period |
|---|---|
| Support tickets and email correspondence | 3 years from the date of the last interaction |
Summary Table¶
| Data Category | Retention Period |
|---|---|
| Brand account data (active) | Duration of account |
| Brand account data (closed) | 3 years after closure |
| Recipient personal data | 2 years from transaction |
| Bank transfer payment records | 7 years from transaction |
| Application error logs | 90 days |
| Infrastructure / access logs | 12 months |
| Security / audit logs | 2 years |
| Support & email records | 3 years from last interaction |
Deletion Process¶
When data reaches the end of its retention period:
- The CTO is responsible for identifying data due for deletion as part of the Annual Compliance Audit
- Data is securely deleted from all systems where it is held - including backups where practicable
- Where complete deletion is not immediately possible (e.g. data held in backup snapshots), the data is flagged and deleted at the next available backup rotation cycle
- Deletion is documented in the compliance log
Anonymisation as an Alternative¶
Where deletion is not technically feasible, data may be anonymised rather than deleted - provided that the anonymisation is irreversible and the result cannot be used to identify an individual.
Data Subject Deletion Requests¶
Individuals may request deletion of their personal data under the GDPR (right to erasure) or the Australian Privacy Act. These requests are handled in accordance with the Data Subject Rights Procedure.
Note that deletion requests may not always be fulfilled in full - for example, where we are legally required to retain the data (such as financial records) or where the data is needed to defend a legal claim.
Related Documents¶
- Compliance Overview
- Data Subject Rights Procedure
- Global Data Flow Map & Register
- Records of Processing Activities (ROPA)
Review Cycle¶
This policy will be reviewed annually or when significant changes are made to Trove's data processing activities or applicable law.
Last reviewed: April 2026 Owner: CTO