Data Retention Policy — Storekept
Last updated: May 18, 2026
This Data Retention Policy describes how long Storekept (the "App"), provided by Abdusamadbek Akhmadjonov, an individual based in Uzbekistan, retains data and when it is deleted. It supplements the Privacy Policy and Terms of Service and is incorporated into them by reference.
1. Scope
This policy covers:
- Backup snapshots — encrypted copies of a merchant's Shopify store data stored in Cloudflare R2.
- Merchant account data — account, configuration, and billing metadata stored in managed PostgreSQL.
- Audit logs — records of administrative, backup, restore, and access events.
- Diagnostic data — error reports and uptime metrics.
2. Backup Snapshot Retention by Plan Tier
Backup snapshots are retained on a rolling basis according to the merchant's active plan tier. Once a snapshot exceeds its retention window, it is automatically and permanently deleted from Cloudflare R2.
| Plan tier | Backup frequency | Snapshot retention window |
|---|---|---|
| Free | Manual (on-demand) | 90 days |
| Essential | Automatic daily, plus on-demand | 365 days |
| Pro | Automatic daily and real-time, plus on-demand | 365 days |
Notes:
- Retention is enforced automatically by a scheduled background job (BullMQ + Redis).
- When a merchant downgrades to a plan with a shorter retention window, snapshots older than the new window are purged.
- Snapshots are encrypted at rest for their entire lifetime; deletion removes the encrypted object from storage.
3. Data Purge After App Uninstall — shop/redact
When a merchant uninstalls the App, Shopify sends a shop/redact webhook (typically approximately 48 hours after uninstall). Upon receiving and verifying this webhook, the App permanently deletes, within 48 hours:
- All backup snapshots for that store in Cloudflare R2.
- All merchant account data and configuration for that store in PostgreSQL.
- OAuth tokens and any cached credentials for that store.
- Pending or queued background jobs for that store (BullMQ/Redis).
After this purge, no store data or backup data is recoverable. Audit log entries recording that the redaction occurred may be retained as described in Section 5.
4. Customer Redaction Handling — customers/redact
When an individual customer of a merchant's store requests erasure, Shopify sends a customers/redact webhook. Upon receiving and verifying this webhook, the App:
- Locates that customer's personal data within all retained backup snapshots for the store.
- Deletes or irreversibly redacts that customer's personal data (name, email, phone, address) from those snapshots.
- Completes the redaction within the timeframe required by Shopify (target: within 30 days of the request).
The corresponding customers/data_request webhook is handled by compiling the customer's personal data held in backups and providing it to the merchant so the merchant can respond to the data-subject request.
5. Audit Log Retention
Audit logs record security-relevant and operational events, including backups created, restores performed, redaction webhooks processed, sign-ins, and configuration changes.
- Audit log retention period: 12 months.
- Audit logs are kept to support security investigations, incident response, and compliance evidence.
- Audit logs are minimized to contain operational metadata and identifiers rather than store content or customer personal data.
- Records evidencing that a
shop/redactorcustomers/redactrequest was completed may be retained for the audit retention period as proof of compliance.
6. Diagnostic Data Retention
- Application logs and error reports: retained on a short rolling basis for operational troubleshooting, and no longer than necessary.
- Uptime metrics (UptimeRobot): retained per the monitoring provider's default retention.
- Diagnostic data is minimized to exclude store content and customer personal data wherever possible.
7. Merchant Account Data Retention
Merchant account data is retained for the duration of the active subscription. Following uninstall, it is purged as described in Section 3. Billing records required for tax, accounting, or legal purposes may be retained for the period required by applicable law.
8. Deletion Method
Deletion is permanent. For object storage (Cloudflare R2), encrypted snapshot objects are deleted; for database records (PostgreSQL), rows are deleted. Backups of our own infrastructure are rotated regularly; residual copies are deleted on a rolling basis and are not retained indefinitely.
9. Changes to This Policy
We may update this policy. Material changes will be communicated through the App or by email.
10. Contact
Questions about data retention: team@storekept.relayt.uz.