This Data Retention Policy explains how Cocopipe OÜ (“Cocopipe”, “we”, “our”, or “us”) stores, retains, and deletes personal data collected through the Cocopipe App and https://cocopipe.com in compliance with the EU General Data Protection Regulation (GDPR) and related data protection laws.
This Policy forms part of the Data Processing Addendum (DPA) and the Privacy Policy.
1. Purpose and Scope
This Policy defines:
How long Cocopipe retains customer, user, and visitor data,
The principles guiding secure storage, archival, and deletion, and
How users can request deletion or export of their data.
It applies to both:
Cocopipe App Users (registered customers and team members), and
Website Visitors (non-registered users interacting with cocopipe.com).
2. General Retention Principles
Cocopipe retains personal data only for as long as necessary to:
Fulfill contractual or legal obligations,
Provide the Services,
Maintain security and audit trails, or
Comply with statutory retention periods (e.g., financial or tax laws).
After these purposes are met, data is securely deleted or anonymized. Anonymized data may be used for analytics and service improvement.
3. Retention Periods
3.1 Cocopipe App Users
3.2 Website Visitors
4. Backups and Disaster Recovery
Cocopipe maintains encrypted system backups for up to 90 days.
Backups are stored within EU-based data centers.
These backups are not accessible for operational use and are automatically purged after expiry.
5. Deletion and Anonymization
When retention periods expire or a deletion request is received:
Data is securely erased from active databases.
Related backups are overwritten after the next rotation cycle (within 90 days).
Certain financial or security records may be retained as required by law.
Cocopipe uses irreversible anonymization for data kept for statistical or performance analysis.
6. User-Initiated Data Deletion
App users may delete their account and all associated data via in-app settings or by contacting [email protected].
Cocopipe will confirm deletion within 30 days of verified request.
Website visitors may withdraw consent or request deletion of form submissions or marketing data through the same email.
7. Data Export Requests
Within the 30-day post-deletion period, Customers may request an export of their data.
Exports are provided in a machine-readable format (e.g., CSV or JSON) upon verification of account ownership.
8. Exceptions to Deletion
Cocopipe may retain certain data for longer periods if:
Required by law (e.g., tax, financial regulations),
Necessary to establish, exercise, or defend legal claims, or
Needed for ongoing investigations or dispute resolution.
All such data will remain protected and restricted to authorized personnel.
9. Security Measures
Cocopipe applies strict data protection controls including:
Encryption at rest and in transit,
Role-based access control (RBAC)
Logging and monitoring of deletion operations,
Regular audits of storage and retention processes.
0. Policy Updates
Cocopipe may update this Policy periodically to reflect legal or operational changes.
Material changes will be announced via email or in-app notice.
The current version is always available at https://cocopipe.com/data-retention.
11. Contact
For questions or data deletion requests, contact:
[email protected]
Registered address: Address not provided in Global Settings