Data Retention Policy

Last updated: May 24, 2026

We keep the minimum data needed to run the service, and only for as long as we need it. You can delete your account and all associated data at any time from Settings.

1. Overview

This policy describes how long DailyTaskProAI retains each category of data, when we delete it, and how you can request deletion. It applies to all users globally and forms part of our Privacy Policy.

2. Retention Periods

Category	Retention period	Deletion trigger
Account profile (name, email, plan)	While account is active	Deleted within 30 days of account closure
OAuth tokens (Google, Microsoft)	While integration is connected	Revoked immediately on disconnect or account deletion
Email metadata (subject, sender, dates)	While account is active	Deleted within 30 days of account closure
Email body content (cached for AI scoring)	Up to 90 days	Automatically purged after 90 days; can be cleared earlier via "Clear cache" in Settings
AI-generated drafts & replies	While account is active or 12 months, whichever is shorter	Auto-purged after 12 months of inactivity
Tasks & priorities (DailyTaskProAI-generated)	While account is active	Deleted within 30 days of account closure
Calendar event cache	Until next sync (typically < 5 minutes)	Overwritten on every sync
Audit logs (login, OAuth, payment events)	12 months	Rolling deletion
Application server logs	30 days	Rolling deletion
Database backups	30 days	Rolling rotation
Payment records (Razorpay/Stripe)	7 years (or as required by tax law)	Retained per legal/tax obligations
Aggregated, anonymized analytics	Indefinite	Cannot be re-identified to a user

3. Google User Data — Special Handling

Data received from Google APIs (Gmail messages, Calendar events) is handled under our Google API Services User Data Policy commitments. In particular:

Email body content is cached for a maximum of 90 days to support AI re-scoring as user context changes. After 90 days the cached body is permanently purged.
Email metadata (sender, subject, internal date) is retained to power priority history and analytics, and is deleted within 30 days of account closure.
OAuth tokens are encrypted at rest using AES-256-CBC with a key stored in environment variables (not the database).
Disconnecting Gmail or Outlook from Settings → Integrations immediately revokes the OAuth grant with Google/Microsoft AND removes the stored refresh token from our database.

4. User-Initiated Deletion

Self-service: Delete Account

You can delete your account at any time from Settings → Account → Delete Account. Once confirmed:

OAuth tokens are revoked with Google and Microsoft within 60 seconds.
All personal data (profile, tasks, replies, integrations, settings, email cache) is permanently deleted within 30 days.
Payment history is retained for legal/tax obligations only.
Anonymized aggregated metrics may remain but cannot be re-identified to you.

Self-service: Disconnect an Integration

From Settings → Integrations you can disconnect Gmail, Outlook, or any other integration. This revokes the OAuth grant immediately and removes the stored refresh token.

Self-service: Clear Email Cache

From Settings → Privacy → Clear Email Cache you can purge all cached email body content before the 90-day automatic expiry.

Manual Requests

To request data export, deletion, or any other data subject right outside the app, email privacy@dailytaskproai.com. We respond within 7 business days and complete most requests within 30 days.

5. Legal Holds & Exceptions

In rare cases we may retain data beyond the periods above when:

Required by applicable law (e.g., tax, anti-fraud, or court order).
Necessary to investigate a security incident or violation of our Terms.
Needed to defend against legal claims.

In all such cases, access is restricted to authorized personnel and the data is deleted as soon as the legal basis ends.

6. Changes to This Policy

We may update this policy as our service evolves. Material changes are notified to active users by email at least 30 days before they take effect.

7. Contact

Questions or deletion requests: privacy@dailytaskproai.com