Effective date: July 20, 2024

PicksHub Data Retention and Backfill Policy

This page summarizes how long we retain core data sets, why we keep them, and how deletions are enforced. For the canonical document see docs/legal/data_retention_policy.md.

Data category	Systems / Tables	Retention target	Purpose
Authentication logs	auth.audit_log_entries, Supabase Auth logs	3 years	Security investigation, compliance
Pool audit events	audit_events, pool_audit_events	3 years	Contest adjudication, dispute resolution
Notification metadata	survivor_notification_events, survivor_notification_messages, Resend suppressions	18 months	Deliverability tracking, compliance
Email content archives	Resend message bodies	12 months	Support troubleshooting
Analytics aggregates	analytics_daily_pool, analytics_daily_user	24 months	Product planning, NFR tracking
Payment metadata	pool_payments, Stripe charges/checkout sessions	7 years	Accounting, tax compliance
Support & abuse tickets	Helpdesk platform, support_cases	4 years	Regulatory response, trend analysis
Backups	Supabase PITR snapshots, S3 WAL archives	30 days	Disaster recovery

Backfill Expectations

All new tables must include timestamp columns to drive retention filters.
Historic migrations must preserve original timestamps when backfilling records.
Backfill scripts must be documented in docs/checklists/evidence/phase_11/legal/logs/ and reviewed by the Compliance Lead.

Enforcement Controls

Supabase scheduled function enforce_data_retention() enforces retention windows for audit and notification tables.
Support reviews retention dashboards monthly and logs results in the compliance tracker.
Access to backups is restricted to break-glass SRE personnel per security runbooks.

Legal Hold

On receipt of a legal hold, the Compliance Lead pauses applicable cron jobs, records the hold, and coordinates with counsel before resuming deletions.

Contact

Compliance Lead: compliance@pickshub.com · Privacy: privacy@pickshub.com · Security: security@pickshub.com.