Data retention

Operational records

SecureWave keeps the minimum records needed to run the dashboard, process billing, support troubleshooting, and meet legal obligations. VPN traffic content is not logged or retained.

• Authentication and account records (email, password hash, account state)
• Subscription and invoice data (via Stripe; subject to Stripe's own retention)
• Device registration metadata (platform, registration date, last-seen timestamp)
• Support conversation records you initiate
• API access logs retained for security and abuse detection (rolling window)

Retention windows

Active account records are retained for as long as the account exists. Records are not pruned while an account is active, as they are needed to display accurate account state.

After account deletion, most personal records are removed within 30 days. The following may be retained longer:

• Invoice records may be retained for up to 7 years to satisfy financial and tax obligations
• API access logs are retained on a rolling 90-day basis for security purposes
• Records required by a valid legal hold are retained until the hold is released

If your organization needs a specific retention schedule, contact SecureWave directly.

Deletion requests

You can request deletion of your account and related personal data at any time. Start from Settings or contact support.

Deletion is processed within 30 days. Financial records subject to legal retention requirements will not be deleted but will be anonymized where possible.

Contact

For questions about specific data categories, retention periods, or to request a deletion, use the contact page.