Data Retention Policy
Last updated: June 4, 2026
Overview
This policy explains how long we retain different categories of data and the legal basis for each retention period. We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Our retention practices are designed to comply with GDPR, CCPA, UK GDPR, and the Australian Privacy Act.
Retention Periods by Data Category
| Data Category | Retention Period | Deletion Trigger | Legal Basis |
|---|---|---|---|
| Account Information | Account lifetime + 7 years | Account deletion + 7 years | Legal obligation (tax records) |
| Agent Execution Logs | 7-365 days (varies by plan) | Automatic based on subscription tier | Legitimate interests (debugging, support) |
| Email Processing Data | 30 days | Automatic | Contract performance |
| Meeting Transcripts (raw VTT) | 30 days | Automatic (30-day TTL); unprocessed transcripts purged immediately on access revocation | Contract performance; legitimate interests |
| Indexed Knowledge | Configurable (default 2 years) | Per source configuration or customer request | Contract performance |
| Billing Records | 7 years | Account deletion + 7 years | Legal obligation (tax records) |
| Audit Logs (UK/EU) | 3 years | Automatic | Regulatory requirement (GDPR) |
| Audit Logs (Australia) | 2 years | Automatic | Regulatory requirement (Privacy Act) |
| Audit Logs (US) | 1 year | Automatic | Legitimate interests (compliance) |
| Support Tickets | 3 years | Automatic after ticket closure | Legitimate interests (support quality) |
| Marketing Consent Records | Until withdrawn | Customer request | Consent |
| Session Data | 24 hours | Automatic | Contract performance |
| Analytics Data | 26 months | Automatic | Legitimate interests (service improvement) |
Meeting Transcript Retention
When you enable meeting-transcript access for an AI agent, Outermind stores the raw Microsoft Teams transcript (the verbatim VTT file) for meetings the supervising user attended, so the agent can extract projects, tasks, and action items on that user's behalf.
- Raw transcripts (VTT): retained for a maximum of 30 days, then automatically purged by a scheduled cleanup job. The legal basis is contract performance (processing the meeting on the customer's behalf) and legitimate interests.
- Derived work product: the short meeting summary and the projects and tasks the agent extracts are durable work product and persist beyond the 30-day window until you delete them.
- Revoke and purge: when a user revokes meeting-transcript access, no further transcripts are ingested for that user and any transcripts not yet processed are deleted immediately. Raw transcripts of meetings that have already been processed are purged automatically within the standard 30-day retention window.
Third-party participants: a meeting transcript contains the speech of every attendee, including colleagues and external guests who are not Outermind users. Customers (tenant administrators) are responsible for notifying meeting participants and obtaining any consent required by their jurisdiction, including two-party / all-party recording-consent laws and obligations toward third parties under GDPR and similar regimes. See your onboarding guide for the participant-notice responsibility.
LinkedIn Integration Data Retention
LinkedIn data is subject to strict retention limits mandated by LinkedIn's API Terms of Use. These limits supersede our general retention policies and cannot be extended:
| Data Category | Maximum Retention | Legal Basis |
|---|---|---|
| Member Social Activity (posts, comments, reactions) | 48 hours maximum | LinkedIn API Terms |
| Non-Authenticated Member Profile Data | 24 hours maximum | LinkedIn API Terms |
| Organization Social Activity | 6 weeks (6 months if org authenticated) | LinkedIn API Terms |
| Organization Admin & Reporting Data | 1 year | LinkedIn API Terms |
Note: When LinkedIn data falls under multiple retention requirements, the most restrictive (shortest) period applies. We automatically purge LinkedIn data according to these schedules regardless of your subscription tier.
Deletion on Disconnection: When you disconnect your LinkedIn integration or terminate your account, all LinkedIn data is deleted within 10 days, which is faster than our general 30-day account termination policy, in compliance with LinkedIn's Marketing API Terms.
Retention by Subscription Tier
Some retention periods vary based on your subscription tier:
| Tier | Agent Logs | Execution History | Knowledge Base |
|---|---|---|---|
| Basic | 7 days | 30 days | 6 months |
| Professional | 30 days | 90 days | 1 year |
| Pro Plus | 1 year | 1 year | 2 years |
Deletion Processes
Data is deleted through the following processes:
- Automatic Deletion: Data subject to automatic retention periods is deleted by scheduled jobs that run daily.
- Customer Request: Upon receiving a valid deletion request, we delete data within 30 days (GDPR) or 45 days (CCPA).
- Account Termination: When you terminate your account, all customer data is permanently deleted within 30 days, except data required for legal compliance.
- LinkedIn Integration Data: LinkedIn data is subject to accelerated deletion—deleted within 10 days of integration disconnection or account termination, per LinkedIn's Marketing API Terms.
- Backup Retention: Backups may retain deleted data for up to 30 additional days for disaster recovery purposes before being purged.
Exceptions to Deletion
We may retain data beyond the stated retention periods in the following circumstances:
- Legal Holds: When we are required to preserve data due to litigation, government investigation, or other legal requirements.
- Tax and Accounting: Financial records required for tax compliance (typically 7 years).
- Fraud Prevention: Data necessary to prevent fraud or enforce our terms of service.
- Anonymized Data: Data that has been fully anonymized is no longer considered personal data and may be retained indefinitely for analytics.
Data Export Before Deletion
Before account termination or upon request, you may export your data in the following formats:
- JSON: Machine-readable format for technical users
- CSV: Spreadsheet-compatible format for business users
To request a data export, contact us at privacy@outermind.ai.
Third-Party Data Retention
Our sub-processors have their own data retention policies:
- Microsoft Azure: Data deleted upon our request per our DPA
- Stripe: Payment data retained per PCI-DSS requirements
- Azure AI Foundry: No data retention (zero data retention policy)
See our Sub-Processors page for the complete list.
Policy Updates
We may update this policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through the Outermind dashboard or via email at least 30 days before they take effect.
Contact Us
For questions about our data retention practices, contact us at privacy@outermind.ai.