Under GDPR Article 5(1)(e), Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary. This policy sets out our retention periods.
Client Data
| Data Type | Retention Period | Basis |
| Client account information | Duration of service + 6 years | Irish Statute of Limitations |
| Client communication (emails, messages) | Duration of service + 2 years | Business record keeping |
| Invoices & payment records | 6 years | Revenue requirements (Finance Act) |
| Website files & databases | Duration of hosting + 90 days | Operational necessity |
Lead & Prospective Client Data
| Data Type | Retention Period | Basis |
| Lead information (questionnaires, inquiries) | 2 years from last contact | Legitimate interest in business development |
| Marketing consent records | Duration of consent + 1 year after withdrawal | Proof of consent |
Website Visitor Data
| Data Type | Retention Period | Basis |
| Cookie consent records | 1 year | GDPR compliance proof |
| Server logs | 30 days | Security monitoring |
| Backup archives | 30 days rolling | Operational recovery |
Legal & Regulatory
| Data Type | Retention Period | Basis |
| Signed contracts & DPAs | 6 years after contract end | Irish Contract Law |
| Data subject requests | 3 years | GDPR Art. 12 compliance record |
| Data breach records | Indefinite | Regulatory requirement |
Deletion Process
At the end of the retention period, data is securely deleted or anonymised. Deletion is irreversible. Automated cleanup scripts run monthly. Clients may request early deletion via /data-request unless retention is required by law.
Questions? Contact support@rapidlaunch.ie.