Data Retention Policy

Version 1.0 · Last updated: 21 May 2026

Under GDPR Article 5(1)(e), Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary. This policy sets out our retention periods.

Client Data

Data TypeRetention PeriodBasis
Client account informationDuration of service + 6 yearsIrish Statute of Limitations
Client communication (emails, messages)Duration of service + 2 yearsBusiness record keeping
Invoices & payment records6 yearsRevenue requirements (Finance Act)
Website files & databasesDuration of hosting + 90 daysOperational necessity

Lead & Prospective Client Data

Data TypeRetention PeriodBasis
Lead information (questionnaires, inquiries)2 years from last contactLegitimate interest in business development
Marketing consent recordsDuration of consent + 1 year after withdrawalProof of consent

Website Visitor Data

Data TypeRetention PeriodBasis
Cookie consent records1 yearGDPR compliance proof
Server logs30 daysSecurity monitoring
Backup archives30 days rollingOperational recovery

Legal & Regulatory

Data TypeRetention PeriodBasis
Signed contracts & DPAs6 years after contract endIrish Contract Law
Data subject requests3 yearsGDPR Art. 12 compliance record
Data breach recordsIndefiniteRegulatory requirement

Deletion Process

At the end of the retention period, data is securely deleted or anonymised. Deletion is irreversible. Automated cleanup scripts run monthly. Clients may request early deletion via /data-request unless retention is required by law.

Questions? Contact support@rapidlaunch.ie.