1. Principles
- Necessity: data is retained only for as long as needed to fulfill the purpose stated in the Privacy Policy.
- Legal obligation: some data is retained for periods set by law (invoices, accounting records, logs required by Brazil's Marco Civil).
- Minimization: data that is no longer useful or that exceeds the period is automatically discarded or anonymized.
- Subject right: the data subject may request early erasure — fulfilled within 15 days, except where mandatory retention applies.
2. Canonical retention table
| Category | Period | Basis / reason |
|---|---|---|
| Operator account data | While account is active | Contract performance (LGPD Art. 7, V) |
| End-Contact data (uploaded by Customer) | While Customer account is active | Reverba acts as Processor — follows Customer instructions |
| Messages (WhatsApp, marketplaces) | While account is active | Contract performance |
| Marketplace OAuth tokens | Until revoked or natural expiration | Erased immediately on seller revocation; rotated per source platform TTL |
| Invoices and tax documents | 5 years after issuance | Brazilian Law 5.474/68; CTN Art. 174 (tax decay period) |
| Audit logs | 2 years | Marco Civil da Internet (Law 12.965/2014, Art. 15) and LGPD Art. 7, II |
| Application logs (Pino) | 90 days | Incident investigation; automatic rotation after the period |
| Postgres operational backups | Rolling 30 days | Operational recovery; automatic overwrite |
| Webhook logs (push inbox) | 30 days | Replay and idempotency; purged by scheduled job |
| Aggregated anonymous metrics (GA via GTM) | Per Google Analytics policy | No personal identifiers; IP anonymized by GTM |
3. Disposal procedure
- Postgres data: disposal via transactional
DELETEfollowed byVACUUM, which effects physical removal and releases space. Backups with older copies are erased on normal rotation (within 30 days). - Attachments and media: files on a separate volume are deleted along with the primary record and overwritten in the next backup cycle.
- Encrypted tokens: upon revocation, the record is deleted from the database; encryption key remains valid for other tokens (no impact on active customers).
- Immutable logs (audit log): not deleted individually; purged in bulk after the retention period (2 years), per policy.
4. Data subject request
The data subject can request early erasure through the DPO channel (privacidade@reverba.com.br). Reverba responds within 15 calendar days.
- If the subject is an Operator: the operation is executed directly.
- If the subject is an End-Contact (Customer's final customer): the request is forwarded to the Customer (Controller) and executed after documented instruction — within 15 days.
- Data under mandatory legal retention (invoices, audit logs) is kept for the remaining period and erased at its end. The subject is informed of the exception.
5. End of contract with the Customer
- Grace period: 30 days after cancellation — data remains accessible for reactivation or export.
- After 30 days: all product data (Operators, Contacts, messages, tokens) is erased. Invoices and audit logs follow legal periods.
- Confirmation: the operations team sends email confirmation to the account owner about the disposal.
Related documents: Privacy Policy, Information Security Policy, Incident Response.