Transparency You Can Trust
We take your privacy and data security seriously. Review our policies governing your use of MerchantFlow.
Data Retention Policy
Overview
This policy outlines how long MerchantFlow retains different categories of data and how data is handled upon account deletion or service termination. We retain your data only as long as necessary to provide the Service or as required by law.
Retention Schedule
| Data Category | Retention Period | Deletion |
|---|---|---|
Analytics snapshots Product performance, diagnostics, daily metrics | Duration of account | Deleted within 30 days of account termination |
Order data Synced orders, attribution, revenue data | Duration of account (up to 7 years for financial records) | Deleted within 30 days of account termination |
Customer.io tracking data Lifecycle events, user attributes, feature adoption metrics | Duration of account | User profile deleted from Customer.io on account termination |
System logs & audit trails API access logs, admin actions, security events | 90 days (rolling) | Automatically purged after retention period |
Error & performance logs PostHog error reports, performance traces | 30 days | Automatically purged by PostHog |
OAuth tokens Encrypted access & refresh tokens for integrations | Until disconnected or account terminated | Immediately deleted on disconnect |
Billing records Invoices, subscription history, payment metadata | 5 years as required by Australian tax law (Income Tax Assessment Act 1997) | Retained for tax and compliance per Australian law |
Account information Email, name, company, settings | Duration of account | Deleted within 30 days of account termination |
Backup data Encrypted database backups | 90 days (rolling) | Automatically purged after retention period |
Account Deletion
You can delete your account at any time via Settings or by contacting [email protected]. Upon deletion:
- All OAuth connections are immediately revoked
- Account data, analytics, and integration data are deleted within 30 days
- Billing records are retained as required by Australian tax law
- Backup data is purged within 90 days as backups rotate
Data Export
Before deleting your account, you can export your data in CSV format from the dashboard. We also support data portability requests - contact [email protected] for a full export of your personal and business data.