This Data Retention and Deletion Policy explains how long RoadBuddy keeps your personal data and how you can request deletion of your information. We retain data only as long as necessary for the purposes we collected it, in compliance with applicable privacy laws including GDPR (Right to be Forgotten), CCPA (Right to Delete), and other state privacy laws.
For detailed information about what data we collect and how we use it, please see our Privacy Policy. This policy focuses specifically on retention periods and deletion procedures.
1. Data Retention Schedule
We retain different categories of personal data for different periods, depending on legal requirements and business necessity:
| Data Category | Retention Period | Reason for Retention | Legal Basis |
|---|---|---|---|
| Email Subscriber Lists | Until unsubscribe or deletion request | To send marketing emails and newsletters | Your opt-in consent |
| Contact Form Submissions | 3 years from submission | Customer service, dispute resolution, legal compliance | Legitimate business interest, legal obligation |
| Session Cookies | Duration of browser session (deleted on close) | Site functionality and security | Essential functionality |
| Persistent Cookies | Up to 12-24 months | User preferences, analytics, retargeting | Your cookie consent |
| Analytics Data (Google Analytics 4) | Up to 26 months | Website performance reporting, user experience improvement | Legitimate business interest |
| Affiliate Tracking Data | 7 years | Commission tracking, accounting, tax compliance, fraud prevention | Legal obligation (tax law), legitimate business interest |
| IP Address Logs | 90 days | Security, fraud detection, technical troubleshooting | Legitimate business interest, legal obligation |
| Email Service Provider Data | Until unsubscribe (or per provider’s policy) | Email delivery and tracking | Your consent, legitimate business interest |
| Browser/Device Data | Up to 26 months (in analytics) | Website optimization, user experience analysis | Legitimate business interest |
| Third-Party Ad Network Data | Per third-party’s policy (typically 2 years) | Ad targeting, conversion tracking, retargeting | Your consent, third-party provider’s policy |
2. Automatic Deletion
Some data is automatically deleted after the retention periods listed above:
- Session cookies – Automatically deleted when you close your browser
- Analytics data – Google Analytics automatically purges data after 26 months
- IP address logs – Automatically deleted after 90 days
- Affiliate tracking data – May be automatically purged after retention period (per partner agreements)
However, you do NOT need to wait for automatic deletion. You can request manual deletion at any time.
3. Your Right to Delete Your Data
3.1 General Right to Deletion
You have the right to request deletion of your personal data that we hold. This right is guaranteed under:
- GDPR (EU/EEA): Right to erasure, or “Right to be Forgotten”
- CCPA (California): Right to delete
- Other U.S. State Privacy Laws: Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Virginia (VMPPA), and others
3.2 Exceptions to Deletion
We may not be able to delete data in the following circumstances:
- Legal Obligations: We are required to retain data by law (e.g., tax law, financial regulations)
- Fraud Prevention: Data needed to prevent fraud or secure our systems
- Affiliate Accounting: Commission tracking data required for 7 years under tax law
- Dispute Resolution: Data needed to resolve complaints or legal disputes
- Data Aggregation: We may retain anonymized or aggregated data that cannot identify you
- Legitimate Business Needs: Data reasonably necessary for our operations (security, debugging)
When we cannot fully delete your data, we will explain why and offer to restrict its use instead.
4. How to Request Data Deletion
4.1 Submitting a Deletion Request
To request deletion of your personal data, contact us with:
Email: [email protected]
Subject Line: “Data Deletion Request” or “Right to be Forgotten Request”
In your request, please include:
- Your full name
- Email address associated with your account (if applicable)
- Clear statement that you are requesting deletion of your data
- Any specific data categories you want deleted (or request complete deletion)
- Your preferred contact method for our response
4.2 Identity Verification
We may ask you to verify your identity before processing a deletion request. This is to:
- Ensure the request is from you (not an unauthorized third party)
- Prevent accidental or malicious deletion
- Protect your personal information
Verification may require:
- Confirming specific details we have on file about you
- Providing a government-issued ID
- Confirming the email address associated with your account
4.3 Response Timeline
Processing time: We will respond to your deletion request within 30 days (or as required by applicable law).
Our response will include:
- Confirmation of data deleted
- Explanation of any data we cannot delete (with reasons)
- Options for restricting use of data we cannot delete
- Information about how to submit a complaint if unsatisfied
4.4 Deletion Confirmation
Once data is deleted, we will confirm:
- The deletion has been completed
- The specific data that was deleted
- Any data that could not be deleted (and why)
- Timeline for deletion of data held by third parties (if applicable)
5. Special Deletion Requests
5.1 Email Unsubscribe (Quick Deletion)
Fastest method for email subscribers:
Every marketing email includes an “Unsubscribe” link at the bottom. Clicking it will immediately:
- Remove your email from our marketing list
- Stop you from receiving newsletters
- Delete your email preferences
This is the quickest way to delete your email data. You don’t need to submit a formal request.
5.2 Cookie Deletion
To delete cookies, you can:
- Delete through browser settings: Clear your browser cookies (see Cookie Policy for instructions)
- Opt out of tracking: Use the opt-out links in our Cookie Policy
- Update preferences: Use our cookie preference center to disable specific cookies
For cookies set by third parties (Google Analytics, Facebook, etc.), you must use their opt-out mechanisms. We cannot delete cookies set by these providers on your behalf.
5.3 Affiliate Partner Data Deletion
If you have submitted information directly to our affiliate partners, their data handling and deletion policies apply. We cannot delete data held exclusively by them. Contact the partner directly for deletion requests.
6. Data Portability and Export
In addition to deletion, you have the right to request a portable copy of your data (GDPR and certain state laws):
- Format: We will provide data in a structured format (CSV, JSON, or similar)
- Scope: Includes all personal data we hold about you
- Timeline: Within 30 days of request
- Cost: Free (we do not charge for data portability)
To request data export, use the same contact method as deletion requests, but specify “Data Export Request” in the subject line.
7. Third-Party Data Deletion
7.1 Data Held by Third Parties
Some of your data is held by third parties on our behalf:
- Email Service Provider: Holds your email address for marketing communications
- Google Analytics: Holds browsing data and usage statistics
- Advertising Networks: Google Ads, Facebook, and others hold audience and conversion data
- Affiliate Partners: hold quote request and click data
7.2 Deletion Process for Third-Party Data
When you request deletion, we will:
- Delete data we control: Our direct records are deleted immediately
- Notify third parties: We will instruct our service providers to delete your data
- Provide deletion timelines: We will inform you how long third-party deletion takes
- Provide third-party contacts: We will give you contact information to request direct deletion from the provider
Typical third-party deletion timelines:
- Email Service Provider: 1-3 business days
- Google Analytics: Up to 5 months (data purges automatically)
- Google Ads / Facebook: 30-90 days
- Affiliate Partners: 7-30 days (per partner agreement)
8. Data Restriction (Alternative to Deletion)
If we cannot delete data due to legal or business reasons, you have the right to request data restriction (GDPR). This means:
- We keep the data: Your data remains in our systems
- We don’t use it: We stop processing and using the data
- Limited use: We only use it for legal defense or to satisfy other legal obligations
- You can object: You can object to continued restriction
Example: We may need to retain affiliate data for 7 years for tax purposes, but we can restrict marketing use while maintaining legal records.
9. Deletion Complications and Edge Cases
9.1 Aggregated or Anonymized Data
We may retain anonymized or aggregated data that cannot identify you. This data is not subject to deletion requests because it is not personal data. Examples:
- “50% of visitors come from mobile devices”
- “Average session duration is 3 minutes”
- “Most popular page is insurance guides”
9.2 Backup and Archive Systems
Your data may exist in our backup systems for disaster recovery. We will:
- Delete your data from active systems immediately
- Exclude your data from future backups
- Delete your data from backup systems within our standard backup retention period (typically 30-90 days)
9.3 Legally Required Data
If we are legally required to keep your data (tax law, financial regulations, fraud investigation), we cannot delete it. However, we will restrict its use to only what is legally required.
10. Appeals and Complaints
10.1 Appealing a Deletion Denial
If we deny your deletion request, you can:
- Request reconsideration: Ask us to reconsider the decision in writing
- File a complaint: Contact your local data protection authority
- Request restriction: Ask for data restriction as an alternative
10.2 Data Protection Authority Complaints
For EU/EEA Residents: You have the right to lodge a complaint with your local Data Protection Authority.
Find your authority: European Data Protection Authorities List
For California Residents: You can file a complaint with the California Attorney General’s office.
Contact: California Attorney General CCPA Page
11. Data Deletion from Automated Systems
Deletion may take time in automated systems because:
- Database cleanup: Data must be removed from all database backups (can take 30+ days)
- Cache systems: Data may be cached in performance systems (purged automatically over time)
- Third-party synchronization: Deletion must be communicated to all service providers
- Legal holds: Data may be placed on legal hold during disputes, preventing immediate deletion
We will inform you of these timelines when you submit a deletion request.
12. Contact for Retention and Deletion Questions
For questions about data retention, deletion, or this policy:
Email: [email protected]
Subject line: “Data Retention/Deletion Question”
We will respond within 7 business days.
13. Updates to This Policy
We may update this Data Retention and Deletion Policy to reflect:
- Changes in privacy law
- Updates to our data practices
- Changes to third-party retention periods
- Improvements to deletion procedures
Updates will be posted with a new “Last Updated” date at the top of this page. Significant changes will be communicated via email to subscribers.
Important Note: This policy supplements our Privacy Policy, Terms of Use, and Cookie Policy. In case of conflict, the most specific policy (this one for deletion/retention) takes precedence for those topics. For all other data practices, refer to the Privacy Policy.