Data Retention Policy
Last updated: May 9, 2026
ApexPitCore retains different categories of data for different periods based on operational need, legal requirements, and contractual obligations. This schedule governs how long we retain data by default. Shop accounts may have different retention needs and should consult with legal counsel regarding their specific state and industry requirements.
| Data Category | Default Retention | Notes |
|---|---|---|
| Shop account profile | Subscription duration + 3 years | Anonymized on account deletion |
| Employee accounts | Subscription duration + 3 years | Deactivated accounts retained for audit trail |
| Customer PII (name, contact) | 7 years from last service | Can be anonymized on valid deletion request; financial records retained |
| Vehicle records (VIN, plate) | 7 years from last service | Associated with repair records for liability purposes |
| Repair orders | 7 years | State laws vary; some require longer retention |
| Estimates | 7 years | |
| Invoices and payments | 7 years | Required for tax compliance; personal data may be anonymized while record structure is retained |
| SMS and email logs | 2 years | Delivery metadata, not full message body for marketing |
| Consent records (SMS opt-in/out) | 5 years from last event | TCPA compliance evidence |
| Inspection records and photos | 5 years | May be subject to vehicle warranty claims |
| Audit logs (activity_logs) | 3 years | Security event logs: 2 years |
| Application logs | 90 days | Automated rotation |
| Backup snapshots | Per backup policy (default 30 days rolling) | Configurable per organization |
| Privacy request records | 5 years | Compliance evidence |
| Security events | 2 years | |
| Incident records | 5 years | Breach records may require longer retention |
Financial Record Retention Note
Invoices and payment records are retained for a minimum of 7 years to satisfy IRS guidelines for business record retention. When a customer requests deletion of their personal information, their identifiable contact details are anonymized, but the financial record structure (amounts, dates, service descriptions, tax) is retained to fulfill these legal obligations.
Requesting Deletion
To request deletion of personal data, visit /privacy/request. We will process your request within 45 days and notify you of which data can be deleted and which must be retained under applicable law.