Data Retention Policy

How Long We Keep Your Data

Transparency about data retention is fundamental to trust. Here's exactly what we keep, for how long, and why.

The Short Version

We keep the minimum data necessary to provide the service, and we delete everything when you ask us to. Because of end-to-end encryption, most of your content is only readable by you and your groups—we can't access it even if we wanted to.

Data Categories & Retention Periods

Data CategoryRetention PeriodEncrypted
Account Information

Email, display name, profile photo

Until account deletionNo
User Content

Posts, comments, photos, videos, reactions

Until deleted by user or account deletionYes
Metadata

Timestamps, group memberships

Until account deletionPartial
Security Logs

Login attempts, IP addresses

90 daysNo
Payment Records

Subscription history, invoices

7 years (legal requirement)No

What Happens When You Delete Your Account

When you choose to delete your account, you have two options:

7-Day Grace Period (Default)

1

Your account is immediately deactivated and hidden from other users

2

You have 7 days to change your mind and restore your account

3

After 7 days, all encryption keys are destroyed

4

Encrypted content becomes permanently unreadable and is purged from our systems

Immediate Deletion

If you choose immediate deletion, your encryption keys are destroyed instantly. This action is irreversible—your encrypted content becomes permanently inaccessible within minutes.

How Encryption Affects Retention

Our end-to-end encryption architecture means that even data we retain is often inaccessible to us:

Encrypted content is stored as ciphertext that only your devices can decrypt
When you delete your account, we destroy the keys—the remaining ciphertext is cryptographically garbage
This provides stronger privacy guarantees than traditional deletion, which relies on us actually deleting data

Think of it like burning the only key to a safe—even if the safe still exists somewhere, its contents are permanently inaccessible.

Legal Retention Requirements

Some data must be retained for legal compliance:

  • Payment records: 7 years (tax and financial regulations)
  • Data subject requests: Records kept for 3 years (GDPR compliance)
  • Legal holds: Data may be preserved if required by ongoing legal proceedings

Questions About Your Data?

If you have questions about what data we hold about you or want to exercise your rights under GDPR, we're here to help.

privacy@snugg.social

Last updated: February 1, 2026