This policy details how long AliasFleet retains your data and the procedures for account deletion and data export.
Data Retention Schedule
Account Data (Active Accounts)
While your account remains active, we retain the following:
| Data Type | Retention Period | Notes |
|---|---|---|
| Profile information | Until account deletion | Name, email, username, avatar |
| Aliases | Until deleted or account closure | Alias names, domains, destinations |
| Destinations | Until deleted or account closure | Email addresses, verification status |
| Custom domains | Until deleted or account closure | Domain names, DNS settings, DKIM keys |
| User preferences | Until account deletion | Theme, settings, notification preferences |
| PGP keys | Until removed or account deletion | Public keys only; private keys never stored |
| 2FA settings | Until disabled or account deletion | Hashed secrets only |
Activity and Log Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Email forwarding logs | 90 days | Delivery status, timestamps, metadata (not content) |
| Failed login attempts | 30 days | Fraud detection and rate limiting |
| API request logs | 90 days | Security analysis and debugging |
| Session data | 14 days (inactive) | Session management and security |
| Support tickets | 15 days after closed | Customer service and issue resolution |
| Abuse reports | 90 days | Compliance and security investigations |
Billing Data
AliasFleet does not store billing records on our servers. All billing data is handled by Stripe:
| Data Type | Storage | Notes |
|---|---|---|
| Stripe Customer ID | Stripe only | Referenced in our database for subscription management |
| Subscription status | Our database | Active/cancelled status only, no payment details |
| Payment method | Never stored | Handled entirely by Stripe |
| Invoices | Stripe only | Available in your Stripe customer portal |
| Billing addresses | Stripe only | Collected during checkout |
For information about Stripe's data retention, see Stripe's Privacy Policy.
Account Deletion
How to Delete Your Account
- Navigate to Settings → Security
- Scroll to "Delete Account" section
- Review what will be deleted
- Confirm your identity (password/2FA required)
- Confirm deletion
Warning: Account deletion is permanent and cannot be undone. We cannot recover deleted accounts.
What Happens When You Delete
Immediate (0-24 hours):
- All aliases and forwarding configurations removed
- Profile information deleted
- Custom domains detached and DNS records scheduled for removal
- Active sessions terminated
- API keys revoked
Short-term (7-30 days):
- Data purged from primary database
- Search indexes updated
- Database backups purged per retention cycle
Selective Data Deletion
You can delete specific data without closing your account:
| Data Type | How to Delete | Immediate? |
|---|---|---|
| Individual aliases | Aliases dashboard → Delete | Yes |
| Destinations | Destinations page → Remove | Yes (requires re-verification to re-add) |
| Custom domains | Domain settings → Delete | Yes (DNS propagation may take 24-48 hours) |
| PGP keys | Destination settings → Remove encryption | Yes |
| Active sessions | Settings → Security → Revoke sessions | Yes |
| Export data | Delete downloaded files from your device | Yes |
Data Export
You can export a copy of your data before deletion:
- Go to Settings → Profile → Export Data
- Select data types to include
- Request export
- Download the JSON archive when ready
- Verify the export contains expected data
Export includes:
- Profile information
- Alias configurations
- Destination addresses
- Custom domain settings (without DKIM private keys)
- User preferences
- Billing history (last 12 months)
Export does NOT include:
- Email content or attachments
- PGP private keys (we don't store these)
- System logs or internal identifiers
- Other users' data
Data Retention Exceptions
Legal Holds
We may be required to retain certain data beyond standard periods when:
- Subject to active litigation or investigation
- Required by court order, subpoena, or legal process
- Related to fraud, abuse, or security incident response
- Mandated by government request under applicable law
When a legal hold applies:
- Affected data is preserved and protected from deletion
- You will be notified if legally permitted
- Data is released only to authorized parties per legal process
Security Incidents
In the event of a security breach or attack:
- Relevant logs may be retained beyond standard periods
- Data is used for investigation, remediation, and prevention
- Retention extends only as long as necessary for security purposes
Automated Data Purging
Our systems automatically delete data according to the following schedule:
| Data Type | Purge Frequency | Retention |
|---|---|---|
| Email forwarding logs | Daily | 90 days |
| Failed login attempts | Daily | 30 days |
| Temporary session data | Daily | 14 days inactive |
| Deleted alias records | Weekly | 30 days |
| Old API keys | Monthly | 90 days after revocation |
| Closed support tickets | Daily | 15 days after closing |
| Analytics logs | Monthly | 90 days |
Third-Party Data
Some data is processed by external services:
Stripe (Payments):
- Billing data subject to Stripe's retention policies
- Payment card details never touch our servers
Cloudflare (DNS Only):
- Custom domain DNS records managed via Cloudflare's API
- DNS propagation typically 24-48 hours after deletion
- No email content or user data is stored by Cloudflare
Infrastructure
All user data (except DNS records for custom domains and payment data handled by Stripe) is stored on servers we control and manage.
Your Rights Under Privacy Laws
Depending on your jurisdiction, you may have rights to:
- Right to Deletion: Request deletion of your personal data
- Right to Access: Obtain a copy of your data
- Right to Rectification: Correct inaccurate information
- Right to Portability: Transfer data to another service
- Right to Restriction: Limit processing in certain circumstances
To exercise these rights:
- Submit requests to legal@aliasfleet.com
- Include your account email and specific request
- Identity verification required for security
Verification of Deletion
When you request deletion, we provide:
- Confirmation when deletion is complete
- Reference number for your records
- List of any data retained under legal exceptions
What We Cannot Delete
Certain data cannot be deleted:
- Anonymized analytics: Data stripped of personal identifiers
- Aggregated statistics: Summarized usage metrics
- Legal records: Data required by law to retain
- Backup archives: Until the backup rotation cycle completes (up to 30 days)
Policy Updates
We may update this Data Retention Policy to reflect:
- Changes in legal requirements
- New service features
- Improved data practices
Updates will be posted on this page with an updated effective date.
Contact
Privacy and data requests: legal@aliasfleet.com