← Security overview
Security policy

Data Retention Schedule

Per-class retention windows for uploads, deliverables, database rows, Telegram sessions, logs, AI artifacts, anonymized pool, billing, and legal records — plus the deletion-on-request workflow.

Canonical source under version control · provided in writing to any customer that requests it as part of vendor due diligence.

Soundcheck Insights — Data Retention Schedule

Owner: Valter Klug, Founder & CEO Version: 1.0 — June 2026 Review cadence: annually, or whenever the data architecture changes.

This is the written retention schedule referenced in §Q9 and §Q13 of the Vendor Security Questionnaire. Every artifact the platform touches is listed below, with where it lives, why it is retained, how long, and how to delete it.


1. Retention by data class

1.1 Operator-uploaded files (intake transcripts, brand documents, PDFs, images)

  • Storage: Vercel Blob (US-East), AES-256 at rest, accessed via short-lived signed HTTPS URLs.
  • Default retention: life of the engagement + indefinitely available to the owning operator until they request deletion.
  • Deletion on request: hard delete within 30 days of written request, confirmed back in writing. Soft-delete is recoverable; hard delete is irreversible.
  • Top Secret / Incognito Mode: no read access for Soundcheck staff regardless of retention.

1.2 Database rows — projects, reports, personas, dashboards, share links

  • Storage: Neon Postgres (US), AES-256 at rest.
  • Default retention: indefinite, supports historical reference by the operator.
  • Soft-delete: any operator-initiated delete sets a deleted_at timestamp; rows are filtered from every query through the single scoped-query helper. Recoverable by founder within 30 days. After 30 days, soft-deleted rows are eligible for hard purge.
  • Hard delete: by written request, completed within 30 days, confirmed in writing.
  • Neon point-in-time recovery (PITR): the platform maintains the default Neon PITR window for the active branch; PITR captures also age out per Neon's retention policy.

1.3 Generated deliverables (.docx, dashboard payloads, monthly-update DOCX)

  • Storage: Vercel Blob for .docx + Gamma decks; Neon Postgres for dashboard JSON payloads.
  • Default retention: life of the engagement and beyond. Monthly Update DOCX rolls remain downloadable forever (they are a delivered artifact, not a continuation of the subscription).
  • Deletion on request: same window — 30 days from written request.

1.4 Telegram bot sessions & messages

  • Storage: Neon Postgres (telegram_sessions, telegram_messages).
  • Default retention: life of the engagement for audit purposes. Operator can review every chat session from the Bot Conversations panel.
  • Deletion on request: same 30-day window.

1.5 Application + function logs (Vercel)

  • Storage: Vercel platform logs.
  • Default retention: per Vercel plan. Pro plan = 24 hours for function logs / 7 days for build logs; longer windows available on Enterprise. Soundcheck's current operational target is ≤ 7 days for runtime function logs.
  • Sensitivity: logs include status, duration, and route — they do not include request bodies or query results by default.
  • Deletion: ages out automatically; no manual delete needed.

1.6 Background-job logs (Inngest)

  • Storage: Inngest platform.
  • Default retention: 7 days for run-level logs on the current plan tier; can be extended on Enterprise.
  • Sensitivity: Inngest stores per-step inputs and outputs of workflow runs, which can include extracted text from uploaded files during research generation. Treat Inngest logs with the same sensitivity as the source content.
  • Deletion: ages out automatically per Inngest retention. Manual purge is escalated to Inngest support if required by a customer's contract.

1.7 Authentication logs (Clerk)

  • Storage: Clerk platform (SOC 2 Type II).
  • Default retention: per Clerk's policy. The platform itself does not store passwords; Clerk handles all credential material.
  • Deletion: account deletion in Clerk cascades to the platform user row's soft-delete.

1.8 AI processing artifacts (Anthropic)

  • Storage: Anthropic API. Under Anthropic's commercial terms (with the DPA + Standard Contractual Clauses automatically incorporated per Anthropic's March 2026 policy), prompts + responses are retained for up to ~30 days for abuse monitoring, then auto-deleted. No use of inputs or outputs for model training.
  • Zero-Data-Retention (ZDR): requested from Anthropic support in June 2026; not yet enabled at time of writing. Once approved, the ~30-day window disappears and prompts + responses are not retained at all.

1.8b Web search keywords (Tavily)

  • Storage: Tavily API (US). Used only by the optional Monthly Update worker.
  • What is sent: topic keywords derived from the project's own watch areas. No client identifiers, agency identifiers, brand names, uploaded files, or generated content ever leaves the platform to Tavily.
  • Tavily account-level controls: Tavily's "Allow use of query data" toggle is set to OFF on the Soundcheck Tavily workspace, which means Tavily does not save queries for service improvement.

1.9 Anonymized engagement pool

  • Storage: Neon Postgres tables (anonymized_engagements etc.).
  • Content: categorical tags only — no client names, brand names, agency identifiers, verbatim quotes, or persona names.
  • Origin hash: SHA-256 of (agency_id || resource_id || env.salt). The salt lives in Vercel env and is uncomputable outside the platform.
  • Deletion: when an operator deletes a project, the corresponding anonymized row is purged via origin-hash lookup. Top Secret / Incognito Mode projects are excluded from the pool entirely.
  • Retention: indefinite for non-deleted, opted-in engagements.

1.10 Billing artifacts

  • Storage: Neon Postgres.
  • Default retention: 7 years for invoice and tier-change audit records, to satisfy US tax and accounting record-keeping requirements.
  • Soft-delete: not applicable to billing snapshots; they remain part of the historical billing trail.

1.11 Legal records (T&C acceptance, contracts)

  • Storage: Neon Postgres + git-versioned legal docs.
  • Default retention: 7 years post-termination, to align with US federal E-SIGN Act and Florida Uniform Electronic Transaction Act admissibility windows.
  • Deletion: retention is contractual and statutory; deletion requires a legal review.

2. Deletion-on-request workflow

  1. Receive request: written email to info@soundcheckinsights.com or valter@soundcheckinsights.com.
  2. Verify authority: confirm requester is the project owner or an admin of the owning agency.
  3. Acknowledge: within one (1) business day.
  4. Execute: hard delete completed within 30 days.
  5. Confirm in writing: with timestamp, scope of deletion, and any retained classes (billing, legal records).

For Top Secret / Incognito Mode projects, the founder does not have visibility into project content but can still execute the deletion against the project ID metadata.


3. Project-close vs. account-close

  • Project soft-delete: filters the project from all queries immediately; 30-day grace before hard purge.
  • Project hard-delete on request: completed within 30 days, cascades to: research reports, personas, strategic projects, dashboards, share links, bot sessions, monthly updates, and anonymized pool rows.
  • Agency close: all projects under the agency follow the same hard-delete cascade; billing records retained per §1.10.

4. Backups

  • Neon Postgres: automatic backups + point-in-time recovery on the platform's plan tier. PITR is currently the primary recovery mechanism for accidental data loss.
  • Vercel Blob: durable object storage with provider-level redundancy. No additional Soundcheck-side replication.
  • Off-platform backups: not maintained today; recovery depends on the sub-processors' native durability guarantees.

5. Document control

  • Storage: repository under version control. Every change is a git commit attributable to a named actor.
  • Review: annually, or when storage, sub-processor, or regulatory posture changes.
  • Distribution: linked from the Soundcheck Security page (/security) and provided in writing to any customer who requests it as part of vendor due diligence.

Soundcheck Insights LLC · Florida, United States · © 2026