Data Retention
Manage data lifecycle, retention policies, and privacy controls
Overview
IdeaLift's data retention policies govern how long your workspace data is stored and when it is automatically deleted. Proper data retention helps you meet regulatory requirements (GDPR, SOC 2, HIPAA), reduce storage costs, and minimize risk from holding data longer than necessary.
By default, IdeaLift retains your data indefinitely while your account is active. On Scale and Enterprise plans, you can customize retention periods for different data types to match your organization's policies.
Default Retention
The following default retention periods apply to all plans. On Scale and Enterprise plans, these can be customized.
Ideas, workspace settings, and integration configurations are retained for the lifetime of your workspace. No data is deleted while your subscription is active.
If you cancel your subscription, your workspace reverts to the Starter plan. All data is preserved. If you later delete your workspace entirely, data is permanently removed after a 30-day grace period.
When you delete an idea or user, the data is soft-deleted immediately (hidden from the UI) and permanently purged from the database after 30 days. During the grace period, data can be restored by contacting support.
Configuring Retention Periods
Scale and Enterprise plans can customize retention periods per data type. This is useful for meeting industry-specific compliance requirements or reducing the amount of stored data.
How to configure
- Go to Dashboard → Settings → Data & Privacy
- Find the "Data Retention" section
- Set retention periods for each data type (e.g., ideas, audit logs, analytics)
- Click "Save Retention Policy"
- Confirm the changes — this action cannot be undone for already-deleted data
Important: Reducing a retention period will schedule existing data that exceeds the new period for deletion. This process runs nightly and is irreversible. Export any data you need before changing retention periods.
Available retention periods
Enterprise plans can request custom retention periods. Contact your account manager.
Data Types
IdeaLift stores the following categories of data. Each has its own default retention period and configurability.
| Data Type | Default Retention | Configurable | Notes |
|---|---|---|---|
| Ideas | Indefinite | Scale+ | Includes linked votes, comments, and push history. |
| User accounts | While active | No | Deleted 30 days after account removal, unless required for audit trail. |
| Audit logs | Plan-based | Scale+ | Growth: 30 days, Scale: 1 year, Enterprise: unlimited. |
| Integration tokens | While connected | No | Encrypted at rest. Deleted immediately when integration is disconnected. |
| Analytics data | 2 years | Scale+ | Anonymized after retention period. Aggregate data retained indefinitely. |
| File attachments | Same as parent idea | No | Deleted when the parent idea is deleted or retention policy applies. |
| Session data | 30 days | No | Automatically purged after session expiry. |
Data Subject Access Requests (DSAR)
Under GDPR, CCPA, and other privacy regulations, individuals have the right to access, correct, or delete their personal data. IdeaLift supports automated DSAR processing to help you comply with these requests efficiently.
Right to access
Users can request a copy of all personal data IdeaLift stores about them.
- Go to Dashboard → Settings → Data & Privacy
- Click "Request Data Export"
- A download link will be emailed within 24 hours containing all personal data in JSON format
Right to erasure (right to be forgotten)
Users can request deletion of their personal data from IdeaLift.
- Go to Dashboard → Settings → Data & Privacy
- Click "Request Data Deletion"
- Confirm the request — this initiates a 14-day cooling-off period
- After 14 days, personal data is permanently erased from all systems including backups
What is deleted: User profile, email address, name, login history, and any ideas attributed to the user. Anonymized aggregate data (vote counts, trend statistics) is retained.
Right to rectification
Users can update their personal information at any time from their profile settings. Workspace Admins can also update user details from the Team page. If data correction is needed in audit logs, contact [email protected].
Admin-initiated DSAR
Workspace Admins on Scale and Enterprise plans can process DSAR requests on behalf of workspace members.
- Go to Dashboard → Settings → Data & Privacy
- Click "Process DSAR"
- Enter the user's email address
- Select the request type: Export or Delete
- The request is processed according to the same timelines above
Exporting Data Before Deletion
Before retention policies delete data, we recommend exporting anything you might need for records or compliance.
Export options
Export all ideas as CSV or JSON from Dashboard → Ideas → Export. Includes title, description, source, status, votes, and metadata.
Export audit events as CSV or JSON from Settings → Security → Audit Logs → Export. See Audit Logs for details.
Enterprise plans can request a complete workspace data dump (all ideas, users, settings, logs) in JSON format via the API or by contacting support.
Use the REST API to programmatically export data before retention deadlines. Automate with cron jobs for continuous archival.
Retention notifications
When custom retention policies are configured, workspace Admins receive email notifications 7 days before data is scheduled for deletion. This gives you time to export anything you need. Notifications are sent to all users with the Admin or Owner role.
Related Documentation
Need Help?
Questions about data retention, privacy, or compliance?