Leafcloud will retain a customer's data for as long as the aforementioned customer maintains a Leafcloud account. After closing said account, or if no such Leafcloud account exists, Leafcloud will only retain personal data if there is a legal obligation to do so (e.g., financial records).
Leafcloud may also retain data if there is a ‘business need’ to do so. These needs include but are not limited to:
- audit logs to ensure security
- other reasons
Without prejudice to local legislation, customer data will be kept for a maximum of 3 years (i.e., 1095 days). This means that storage periods in local legislation are taken into account and complied with.
To ensure customer data is kept safe, Leafcloud maintains regular backups of its data, housed in Leafcloud infrastructure, within the European Union. These may include personal data. It is impossible for Leafcloud to remove selections of data from backups; therefore, data may remain in these backups after the retention period has expired.
Backups are removed after at most three months.
Data within these backups are restored only in emergencies (e.g., Marvin accidentally deleting our production database during spring cleaning). If deleted personal data is ever restored as part of a backup, Leafcloud will delete that data within the thirty-day period following the notification.