Data Retention Policy
Last updated: Jul 13, 2026
Last updated: [DATE]
This policy describes how long Human Review retains different categories of data.
Account Data
Retained for as long as your account is active, and for up to 90 days after account deactivation to allow for recovery, unless earlier deletion is requested.
Uploaded Visuals & Review Data
Retained for the duration of the client relationship, or as otherwise agreed, to preserve an auditable review history. Clients may request deletion of specific assets, subject to legitimate retention needs (e.g. dispute resolution, legal compliance).
Magic Link Tokens
Single-use login tokens are invalidated immediately upon use and expire automatically after 15 minutes if unused. Expired/used tokens remain in the database in hashed form only for audit purposes and are periodically purged.
Activity & Audit Logs
Retained for a minimum of 12 months to support security investigations and accountability requirements, then periodically archived or purged.
Cookie Consent Records
Retained for up to 12 months to demonstrate compliance with consent requirements.
Backups
Database backups are retained per your hosting provider's backup rotation policy (see the Deployment/Backup documentation) and are subject to the same deletion requests as live data, applied on the next backup cycle.
Specific retention periods should be adjusted to match your organization's actual practices and applicable legal requirements.