Data retention
OptSens holds two kinds of data: the consent data your visitors generate, and the account data you generate as a customer. They are kept on different rules. This page explains both and what deletion does to each.
Visitor consent data
Each visitor choice is a consent record. Two separate periods apply to it: how long the consent is valid, and how long the record is stored.
Consent lifetime controls validity. It is set per domain in Privacy Settings, between 30 and 360 days, with a default of 180 days. When it expires, the visitor is asked again. Expired records remain stored as an audit trail for the storage period below.
Consent log retention controls storage. Records are stored for the retention period of your plan, counted from the moment the record was created, and are removed automatically after it:
| Plan | Consent log retention |
|---|---|
| Essential | 30 days |
| Plus | 90 days |
| Pro | 1 year |
| Business | 2 years |
| Custom | 3 years |
If a domain's subscription ends, its consent records are stored for 90 days from their creation and then removed, regardless of the previous plan.
To remove a single visitor's records earlier, delete them through the REST API right-to-erasure endpoint or handle the request through a DSAR. The delete action removes all consent records for that visitor and is audit-logged.
Account and billing data
When you close your account, most data is deleted outright: your domains and their settings, your sessions, payment methods, and login records.
Invoices and the supporting financial records are different. They are not hard-deleted. Instead they are anonymized: the link to your user account is removed, payment secrets and gateway references are stripped, and only the fields legally required to remain on an invoice are kept (amounts, tax data, the invoice header, the masked card already on the receipt). The row is marked with an anonymization date.
This is to satisfy a 10-year accounting retention obligation while still honoring the right to erasure of personal data. The right-to-erasure carve-out for a legal retention obligation is what permits keeping the anonymized invoice. After the 10-year window passes, the anonymized financial rows are purged.
| Data | On account deletion |
|---|---|
| Domains and their settings | Deleted |
| Payment methods | Deleted |
| Sessions and login records | Deleted |
| Invoices and financial records | Anonymized, retained for the accounting window, then purged |
For the full account-closure walkthrough, see delete account.
Before you can delete an account
Account deletion is blocked while you have an unresolved financial obligation: an unpaid overage charge, a subscription in past-due after a failed renewal, or an unpaid invoice. Settle those first, then the deletion proceeds.