Data Classification, Retention & Deletion Policy

Updated today

Purpose

Define how Perfect Wiki classifies data by sensitivity, how long it is retained, and how it is securely deleted at end-of-life or on customer request.

Scope

All data stored or processed by Perfect Wiki, including customer content, customer account data, operational logs, backups, and analytics events.

Data classification

  • Restricted (customer content): Wiki page bodies, uploaded files, comments, chat queries, search history. Encrypted in transit and at rest; visible only to authorized members of the customer's organization and to a small list of Authorized Personnel for support purposes.
  • Confidential (customer account data): User name, email, role, organization name, billing identifiers, integration tokens. Encrypted in transit and at rest; integration tokens additionally encrypted at the application layer.
  • Internal (operational data): Application logs, error traces (Sentry), product analytics events (PostHog), backup files. Stored in restricted systems and retained per the schedule below.
  • Public: Documentation, marketing site content, the Trust Center.

Retention schedule

  • Customer content & account data: Retained while the subscription is active.
  • Inactive free-plan organizations: Marked stale after extended inactivity and deleted by an automated job once retention requirements are met.
  • Backups: Encrypted backups are retained for up to 60 days, then automatically purged.
  • Application logs / error traces (Sentry): Retained for the provider's standard retention (typically up to 90 days).
  • Analytics events (PostHog): Retained per the provider's standard retention.
  • Billing records: Retained as required by tax/accounting law in the relevant jurisdiction (typically 7 years).

Secure deletion

  • Customer-initiated deletion: Customer admins can delete users, pages, and entire organizations from the admin panel. Deletion is honored within 30 days; backups containing the data age out within 60 days of the deletion event.
  • Automated deletion: Stale inactive organizations are deleted by a scheduled job. Trashed pages are purged after a defined grace period.
  • Physical media: Underlying storage media is sanitized and disposed of by Google Cloud per their media-sanitization standards.

Data subject rights (GDPR / CCPA)

  • Customers and their end-users may request access, correction, export, or deletion of their personal data by emailing [email protected] with subject `Data Removal Request`. Requests are answered within 30 days.
  • Customer admins can fulfill most subject-access requests directly through the application UI.

Roles & responsibilities

  • CEO/CTO: Owns this policy and oversees data deletion processes.
  • Customer Admins: Responsible for fulfilling subject access requests from their end-users.

Review cadence

Reviewed annually and on material change to data flows or applicable law.
