Version 1.0 β Last updated: January 29, 2025
Account lifetime + 30 days after deletion
7 years (legal requirement)
24 hours after last activity
This Data Retention Policy establishes guidelines for how long Magia Menu retains personal and business data, and how data is securely disposed of when no longer needed. This policy ensures compliance with:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Active User Profile | Account lifetime + 30 days | Anonymization |
| Inactive User Profile | 2 years after last activity | Anonymization |
| Guest User (Anonymous) | 90 days | Hard Delete |
| Email/Phone | Account lifetime + 30 days | Hard Delete |
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Access Tokens | 15 minutes | Auto-expire |
| Refresh Tokens | 30 days | Hard Delete |
| Session Data | 24 hours after last activity | Hard Delete |
| Magic Link Codes | 15 minutes | Hard Delete |
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Orders | 7 years | Tax Law |
| Payment Records | 7 years | Tax Law / PCI DSS |
| Receipts | 7 years | Tax Law |
| Refunds | 7 years | Tax Law |
| Data Type | Retention Period |
|---|---|
| Security Audit Logs | 1 year |
| API Access Logs | 90 days |
| Application Logs | 30 days |
| Debug Logs | 7 days |
Complete removal from database
Marked as deleted, not visible to users
Personal identifiers removed/replaced
Cryptographic erasure for sensitive data
You can request deletion of your data when:
Response Time: 30 days (extendable by 60 days for complex requests)
You can export your data in JSON or CSV format. Request via Profile settings or email.
You can request information about what data we hold and how it is processed.
Data may NOT be deleted if:
| Processor | Data Shared | Retention |
|---|---|---|
| Iyzico | Payment data | Per Iyzico policy |
| Mapbox | Location (anonymized) | Per Mapbox policy |