Transparency You Can Trust
We take your privacy and data security seriously. Review our policies governing your use of MerchantFlow.
Data Retention Policy
Overview
This policy outlines how long MerchantFlow retains different categories of data and how data is handled upon account deletion or service termination. We retain your data only as long as necessary to provide the Service or as required by law.
Retention Schedule
| Data Category | Retention Period |
|---|---|
Analytics snapshots Product performance, diagnostics, daily metrics | Duration of account |
Order data Synced orders, attribution, revenue data | Duration of account (up to 7 years for financial records) |
Customer.io tracking data Lifecycle events, user attributes, feature adoption metrics | Duration of account |
System logs & audit trails API access logs, admin actions, security events | 90 days (rolling) |
Error & performance logs PostHog error reports, performance traces | 30 days |
OAuth tokens Encrypted access & refresh tokens for integrations | Until disconnected or account terminated |
Billing records Invoices, subscription history, payment metadata | 5 years as required by Australian tax law (Income Tax Assessment Act 1997) |
Account information Email, name, company, settings | Duration of account |
Backup data Encrypted database backups | 90 days (rolling) |
Account Deletion
You can delete your account at any time via Settings or by contacting [email protected]. Upon deletion:
- All OAuth connections are immediately revoked
- Account data, analytics, and integration data are deleted within 30 days
- Billing records are retained as required by Australian tax law
- Backup data is purged within 90 days as backups rotate
Data Export
Before deleting your account, you can export your data in CSV format from the dashboard. We also support data portability requests - contact [email protected] for a full export of your personal and business data.