← Back
Data Retention Schedule
Last updated: May 25, 2026
This schedule describes how long Venxa retains each category of personal information, and the legal or operational basis for that retention. It supplements the Privacy Policy and is referenced by it. Where law (for example, tax recordkeeping) sets a longer minimum than our operational need, the legal minimum controls.
Retention by category
| Category | Retention | Basis |
|---|---|---|
| Account record (name, email, hashed password, username, avatar, DOB, phone) | Indefinitely while account is active; deleted within 30 days of an account-deletion request; anonymized stub kept if there are linked financial records. | Contract performance; CCPA right to deletion (Cal. Civ. Code §1798.105). |
| Payment metadata in our DB (Stripe customer ID, charge ID, refund ID, amount, currency) | 7 years from the date of the transaction. | IRS recordkeeping (26 USC §6001 + Treas. Reg. §1.6001-1); state sales-tax recordkeeping (most states require 3–7 years). |
| Card data | We do not store card numbers — held by Stripe under their PCI scope. | PCI-DSS requirement 3.4; Stripe is the system of record. |
| Order / ticket records (orderId, eventId, ticket code, status, quantity, amount) | 7 years from event date. | Same tax/accounting basis as payment metadata. |
| RSVP records (eventId, email, name, guestCount, status, optional userId) | 2 years after event date for accepted/maybe; 30 days after event date for declined. | Operational — supports organizer follow-up and complaint resolution windows; otherwise minimal value. |
| Pre-event poll responses | 90 days after event date by default; deleted within 30 days of an account-deletion request. | Operational — organizer fulfillment (catering, merch, special needs) is complete within ~90 days of the event; longer retention has no operational basis. |
| Waitlist entries | Deleted within 30 days of event end (or upon promotion to a ticket — the entry is superseded by the Ticket record). | Operational; no legal hold. |
| Friendship records | While both accounts are active; deleted with either account. | Contract performance. |
| DM messages (Conversation, Message) | While both participants' accounts are active; deleted within 30 days of either account being deleted. | Contract performance + CCPA deletion. |
| Feed activity / likes / comments | While the actor's account is active; deleted within 30 days of account deletion. | Contract performance + CCPA deletion. |
| Notifications (in-app) | 90 days rolling. | Operational. |
| Audit logs (security, refunds, status changes) | 2 years. | Fraud prevention + security incident investigation. |
| Email delivery records (Resend logs) | 30 days (per Resend default retention; configurable up to 30 days on current plan). | Operational — bounce / complaint investigation. |
| Server access / request logs (Vercel) | 30 days. | Operational + Vercel platform default. |
| Marketing-consent timestamps | While account is active; 5 years after deletion for compliance audit trail. | Documenting consent under GDPR Art. 7(1); analogous CPRA evidence. |
| ID verification artifacts (if enabled) | 180 days post-verification, then deleted unless flagged for fraud. | Minimum necessary to perform the check; matches industry norm. |
| Talent profile data | While the talent account is active; deleted within 30 days of account deletion. | Contract performance. |
| Place profile data (organizer-owned) | While the linked organizer account is active; deleted within 30 days of organizer deletion or place takedown request. | Contract performance. |
Categories that survive account deletion
When a user requests account deletion via /delete, we delete or anonymize most data within 30 days. The categories that survive — and only the data they contain — are:
- Financial records (orders, refunds, tax-relevant transaction metadata) — required by IRS / state-tax law. We replace the user-ID linkage with an anonymized stub so the records remain auditable but cannot be re-associated with the natural person.
- Audit-log entries that name the user as the actor of a security-relevant action (e.g. a chargeback dispute) — retained for the 2-year window for fraud investigation. Email and name are replaced with a hashed user reference after the 30-day window.
- Marketing-consent timestamps — kept as evidence of opt-out compliance.
Categories we do not collect
- We do not collect or store government ID document images outside of the explicit ID Verification flow (/verify-id), and verification artifacts are subject to the 180-day window above.
- We do not collect precise geolocation (beyond city-level metadata you may choose to display on your profile).
- We do not collect biometric data.
- We do not infer protected characteristics (race, religion, sexual orientation, etc.) and we do not allow organizers to ask for them via polls.
Contact
Questions about retention or to request earlier deletion of a specific category, email privacy@venxa.events or use our contact form.