Data Retention Policy
How Long We Keep Your Data
CAIRL retains your data only as long as necessary to provide our services, comply with legal obligations, and prevent fraud. This policy expands on the retention schedule described in our Privacy Policy.
Retention Schedule
| Data Type | Retention Period | Notes |
|---|---|---|
| Account information (email, name, preferences) | Until account deletion | You can close your account at any time |
| Raw identity document images | Until you delete them or account closure + 30 days | You can delete document images at any time through your account |
| Biometric session data (raw processing) | Duration of verification session only | Ephemeral — not retained after session completes |
| Biometric reference (facial embedding) | Until account deletion + 30 days | Used for uniqueness enforcement and fraud prevention. Deletable at your request at any time |
| Verification records (results, timestamps, attestations) | Up to 7 years | Retained to meet regulatory, audit, and fraud prevention obligations as applicable |
| Proxy email relay metadata | 90 days | Sender, recipient, timestamps for abuse prevention |
| Usage logs | 90 days | IP, browser, device information |
| Payment and billing records | Duration of business relationship + 7 years | Tax and legal compliance obligations |
| Partner API credentials and webhook configurations | Duration of business relationship | Deleted on account closure |
| Audit logs (routine) | 90 days | Standard operational logging |
| Audit logs (security events) | Permanent | Security incidents, access violations, rejected authentication attempts |
Biometric Data
Biometric references (facial embeddings) associated with your account are permanently destroyed within 30 days of: your deletion request, your withdrawal of consent, or your account closure.
Raw biometric session data (such as selfie processing results) is ephemeral and is not retained beyond the verification session.
Biometric data is not used to track your behavior across unrelated services.
For full details on how biometric data is collected, used, and protected, see our Privacy Policy and Biometric Data Policy.
What We Never Retain
- Raw selfie images after face comparison completes
- Plaintext passwords
- Full payment card numbers (handled by Stripe)
- Bank login credentials (handled by Plaid)
Your Rights
You may request deletion of your data at any time by contacting privacy@cairl.app or through your account settings. Data may persist in secure, isolated backups for a limited period and is automatically deleted in accordance with backup retention schedules.
Verification records may be retained for up to 7 years even after account closure, as required for regulatory, audit, and fraud prevention obligations. These records do not contain your document images, biometric references, or biometric session data.