GoRefer Trust Center
Data Retention
Updated April 2026
GoRefer retains data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law. This page outlines retention periods for each data category and the conditions that trigger deletion.
Retention Schedule
Updated April 2026
| Data Category | Retention Period | Deletion Trigger | Notes |
|---|---|---|---|
Account & profile data | Account lifetime + 30 days | Account deletion request or inactivity (3 years) | Anonymized aggregate stats retained indefinitely |
Tax client records | 7 years from last activity | Firm account termination (with notice) | IRS/legal record-keeping obligation |
PII fields (SSN, EIN, bank, DL) | 7 years | Data subject erasure request (subject to legal hold) | Encrypted at rest throughout retention period |
Payment & billing records | 7 years | After legal retention period lapses | Required by US tax and financial regulation |
Audit & security logs | 365 days rolling | Continuous rolling deletion | Longer retention available for Enterprise plans |
Authentication logs | 90 days | Automatic rolling deletion | Session-level logs; IP addresses masked after 30 days |
Email / communication logs | 36 months | Account deletion | Required for dispute resolution |
Error tracking (Sentry) | 90 days | Automatic (Sentry plan limit) | PII scrubbed before transmission |
Analytics data | 24 months rolling | Continuous rolling deletion | Aggregated, no direct identifiers |
Uploaded documents | Account lifetime | Manual deletion by admin or account deletion | Stored in AWS S3 with server-side encryption |
Account & Data Deletion
Updated April 2026
Account Deletion Process
Admin-initiated deletion
Firm admin can submit a full account deletion request from account settings
Soft delete (30-day window)
Account is deactivated and access suspended. Data preserved for 30 days for recovery.
Hard deletion
After 30 days, account data is permanently deleted (or anonymized where legal hold applies)
Confirmation email issued
Deletion completion notification sent to the account email address
Legal Hold & Retention Exceptions
Tax records (7-year hold)
Tax client records may be subject to a legal 7-year retention requirement regardless of deletion request
Active dispute hold
Data may be retained pending resolution of a billing dispute or legal claim
Law enforcement requests
Valid legal orders may require temporary retention of specific data
Anonymization alternative
Where full deletion is legally blocked, data is anonymized so it can no longer identify an individual
Data Export & Portability
Updated April 2026
Export your data at any time
GoRefer supports full data export in JSON and CSV formats for all firm data. Exports include client records, referrals, commission history, and account information. To request an export, go to Firm Settings → Data Export, or email privacy@gorefer.io.
Self-Serve Export
Available in Firm Settings
JSON and CSV formats
Includes all firm-owned records
Export token expires in 24 hours
Assisted Export
Request via privacy@gorefer.io
7-day SLA for data assembly
Full structured data package
PII exported only to verified owner
Timeline
Automated export: immediate
Manual/assisted export: 7 days
Legal hold acknowledgement: 5 business days
Deletion confirmation: 30 days