Retention Policy

This Retention Policy defines how long Ctrl-Lab retains data processed and stored by the App and how we delete or de-identify data when it is no longer needed.

We store the following categories of data:

- Shopify app session records required for authentication and normal app operation
- Store identifiers and installation state

Depending on configuration, we store:
- Raw order-attribute rows (order ID + attribute key/value + totals)
- Aggregated analytics (daily counts and revenue totals per shop + key + value)

CSV exports are generated on demand. We do not permanently store export files unless explicitly stated.

We store the following categories of data:

- Shopify app session records required for authentication and normal app operation
- Store identifiers and installation state

Depending on configuration, we store:
- Raw order-attribute rows (order ID + attribute key/value + totals)
- Aggregated analytics (daily counts and revenue totals per shop + key + value)

CSV exports are generated on demand. We do not permanently store export files unless explicitly stated.

- Retention: 30 days
- Reason: troubleshooting and operational security
- Note: logs should not include sensitive personal data

When a merchant uninstalls the App:
- We delete shop-specific operational and analytics data for that shop within 7 days.
- If backups exist, deletion may occur on the next backup rotation cycle; however, we do not use the data going forward.
When Shopify privacy redaction events are received:
- We delete data associated with the shop and respond as required by Shopify’s privacy processes.

Deletion is performed by:
- Removing shop-scoped records from Postgres (sessions/operational tables and analytics tables)
- Removing shop-scoped records from MongoDB analytics collections
- Purging raw records older than 90 days
- Retaining only aggregated records (up to 24 months) where applicable

We review retention settings periodically and may update this policy as the App evolves.