How long I keep things — and when I purge.
Last updated: April 22, 2026I don't hoard data. Keeping submissions around "just in case" is how agencies end up with ten years of old COIs in a shared drive nobody's cleaned since 2018. Here's my schedule.
1. Retention schedule
| Data | Default retention | Basis |
|---|---|---|
| Active submission metadata (Leads/Contacts/Opportunities in Copper) | Life of engagement + 7 years | Insurance record-keeping + statute of limitations alignment |
| Uploaded documents (loss runs, applications, COIs, policies, schedules, photos, etc.) | 18 months for inactive/unconverted submissions; life of engagement + 7 years for bound/engaged accounts | Operational need + insurance record-keeping |
| Raw intake form submissions (the form payload itself) | 18 months | Operational |
| Email communications | 7 years | Insurance record-keeping |
| Application / server logs | 90 days | Security & debugging |
| Analytics / traffic data | 13 months, aggregated thereafter | Product improvement |
| Backups (database + storage) | Rolling 30 days; 7-day PITR window | Disaster recovery |
| Financial records (invoices, payment data — once applicable) | 7 years | Tax & regulatory |
2. Triggers
Automatic purges
- Inactive / unconverted upload files are purged 18 months after the submission date.
- Application logs roll off after 90 days.
- Backups outside the 30-day rolling window are overwritten automatically.
Event-driven purges
- End of engagement: on written termination of a client relationship, uploaded documents are deleted or returned within 30 days, subject to the 7-year insurance record retention below.
- Deletion request: on a valid data subject deletion request, data is purged within 30 days from production systems and from backups at the next backup cycle (max 30 days later), except where retained under Section 3.
- Breach / incident: affected data is preserved for forensic purposes until the incident is closed.
3. Legal hold / regulatory exceptions
Some data I have to keep, even if you ask me to delete it:
- Insurance record-keeping: state insurance regulations require retention of customer and transaction records, typically 5–7 years depending on state and transaction type. I default to the most protective standard (7 years).
- Tax: financial and billing records are retained for 7 years.
- Litigation hold: if a matter is in dispute or investigation, related data is preserved until the matter resolves.
- Sanctions / AML: where applicable, records required under sanctions or AML rules are retained for the period required.
In those cases, data moves to a restricted archive — not deleted, but also not actively used. If you want confirmation of status on your specific record, email scott@upfrontrisk.io.
4. How deletion actually works
- Record is flagged in Supabase and Copper.
- Primary storage deletes immediately (database rows removed, file objects destroyed).
- Backups retaining the deleted record roll off within 30 days. Until then, the record sits only in encrypted backup media and isn't accessed except for disaster recovery.
- If the record was pushed to Copper, it's deleted there too. Copper maintains its own backups on a similar cadence.
5. Data you can delete yourself
There's no self-service delete button yet — the beta is small enough that it hasn't been worth building. Email me, and I'll do it the same day in most cases. Deletion is free and always will be.
6. Changes
If I shorten retention periods, existing records get the shorter window. If I lengthen them (rare — and only for compliance reasons), it applies to records going forward, not retroactively.
7. Contact
Retention questions or deletion requests: scott@upfrontrisk.io.