Region
These are baseline targets; contractual or statutory rules may override them.
Data Retention
We keep personal and cellar data only as long as needed to operate TVino Cellar, meet legal requirements, and honor your choices.
(Aligned with our Data Security & Use Policy.)Retention Periods
| Category | What’s included | Primary purpose | EU (GDPR) period |
|---|---|---|---|
| Account & Profile | Name, email, preferences; authentication state after closure. | Account management & legal verification | 1 month |
| Authentication Logs | Successful/failed logins, MFA events, session metadata. | Security & fraud prevention | 3 months |
| Cellar Inventory | Bottle entries, vintages, locations/bins, notes, ratings. | Provide core service features | While account is active / until you delete |
| Purchases & Payments | Source, invoice/payment records, currency, taxes/shipping. | Billing & tax compliance | 7 years |
| Valuation Snapshots | Optional value estimates per bottle/lot. | Reports & portfolio analytics | 2 years |
| Support Tickets | Requests, attachments, agent communications. | Customer support & quality | 2 years |
| Error & Performance Logs | Crash traces, request IDs, limited IP/device diagnostics. | Reliability & incident response | 1 month |
| Analytics (optional) | Aggregated feature usage with pseudonymous IDs. | Product improvement | 395 days |
| Audit Trail | Configuration changes, exports/deletes, admin actions. | Compliance & security review | 1 year |
- Account closure: We remove or anonymize within the window shown below; backups age out on their normal cycle.
- Legal holds: Retention pauses for records subject to legal, tax, or fraud investigations.
Backups
Encrypted backups follow a rolling retention schedule; restores overwrite with the latest authorized state. Backup sets are immutable and access‑controlled.
- Rolling backup window: 35 days
- Encryption: at rest (AES‑256) and in transit (TLS 1.2+).
Your controls
- Export your data anytime (CSV/JSON).
- Request deletion of account & cellar records (subject to legal holds).
- Toggle optional analytics (kept in aggregate, time‑boxed).
Notes & exceptions
- Financial records (payments, invoices) may be retained longer to comply with tax/accounting laws in your jurisdiction.
- De‑identified aggregates (non‑personal stats) may be kept to improve forecasting and reliability.
- Security telemetry is minimized and time‑boxed; only authorized staff can view it.