Cocopipe Data Retention Policy
Last Updated: 10/11/2025
This Data Retention Policy explains how Cocopipe OÜ (“Cocopipe”, “we”, “our”, or “us”) stores, retains, and deletes personal data collected through the Cocopipe App and https://cocopipe.com in compliance with the EU General Data Protection Regulation (GDPR) and related data protection laws.
This Policy forms part of the Data Processing Addendum (DPA) and the Privacy Policy.
1. Purpose and Scope
This Policy defines:
- How long Cocopipe retains customer, user, and visitor data,
- The principles guiding secure storage, archival, and deletion, and
How users can request deletion or export of their data.
It applies to both:
- Cocopipe App Users (registered customers and team members), and
- Website Visitors (non-registered users interacting with cocopipe.com).
2. General Retention Principles
Cocopipe retains personal data only for as long as necessary to:
- Fulfill contractual or legal obligations,
- Provide the Services,
- Maintain security and audit trails, or
- Comply with statutory retention periods (e.g., financial or tax laws).
After these purposes are met, data is securely deleted or anonymized. Anonymized data may be used for analytics and service improvement.
3. Retention Periods
3.1 Cocopipe App Users
|
Data Category
|
Description
|
Retention Period
|
|---|---|---|
|
Customer Account Data
|
Name, email, company, account configuration
|
Stored while the account is active; deleted 30 days after account deletion
|
|
Customer Data (CRM content)
|
Contacts, deals, notes, tasks, and uploaded files
|
Deleted 30 days after account deletion; anonymized backups kept for 90 days
|
|
AI Prompts & Outputs (CocoAI)
|
Inputs and generated outputs
|
Temporarily stored for processing; anonymized logs retained up to 30 days
|
|
Billing & Payment Records
|
Invoices, payment confirmations, VAT details
|
Retained for up to 7 years (legal/tax compliance)
|
|
Support Communications
|
Emails, chat transcripts, tickets
|
Retained up to 24 months for quality and audit
|
|
Audit Logs & Security Events
|
Login records, access logs, system actions
|
Retained up to 12 months; may be extended in case of security incidents
|
3.2 Website Visitors
|
Data Category
|
Description
|
Retention Period
|
|---|---|---|
|
Analytics & Cookies Data
|
IP address, browser, session ID, page views
|
Up to 26 months (as configured in analytics tools)
|
|
Contact Form Submissions
|
Name, email, message
|
Up to 12 months or until user requests deletion
|
|
Newsletter / Marketing Data
|
Email, consent logs
|
Retained until consent is withdrawn
|
|
Server Logs
|
Security and access logs
|
Up to 90 days for operational security
|
4. Backups and Disaster Recovery
- Cocopipe maintains encrypted system backups for up to 90 days.
- Backups are stored within EU-based data centers.
- These backups are not accessible for operational use and are automatically purged after expiry.
5. Deletion and Anonymization
When retention periods expire or a deletion request is received:
- Data is securely erased from active databases.
- Related backups are overwritten after the next rotation cycle (within 90 days).
- Certain financial or security records may be retained as required by law.
Cocopipe uses irreversible anonymization for data kept for statistical or performance analysis.
6. User-Initiated Data Deletion
- App users may delete their account and all associated data via in-app settings or by contacting [email protected].
- Cocopipe will confirm deletion within 30 days of verified request.
- Website visitors may withdraw consent or request deletion of form submissions or marketing data through the same email.
7. Data Export Requests
Within the 30-day post-deletion period, Customers may request an export of their data.
Exports are provided in a machine-readable format (e.g., CSV or JSON) upon verification of account ownership.
8. Exceptions to Deletion
Cocopipe may retain certain data for longer periods if:
- Required by law (e.g., tax, financial regulations),
- Necessary to establish, exercise, or defend legal claims, or
- Needed for ongoing investigations or dispute resolution.
All such data will remain protected and restricted to authorized personnel.
9. Security Measures
Cocopipe applies strict data protection controls including:
- Encryption at rest and in transit,
- Role-based access control (RBAC),
- Logging and monitoring of deletion operations,
- Regular audits of storage and retention processes.
10. Policy Updates
Cocopipe may update this Policy periodically to reflect legal or operational changes.
Material changes will be announced via email or in-app notice.
The current version is always available at https://cocopipe.com/data-retention.
11. Contact
For questions or data deletion requests, contact:
📧 [email protected]
📍 Registered address: [To be added – Tallinn, Estonia]