Data Retention Policy
Effective Date: January 1, 2026
Last Updated: December 24, 2025
Version: 1.0
1. Introduction
This Data Retention Policy explains how long Driblink retains different types of your personal data and the reasons we retain data for specific periods. We follow the principle of data minimization: we keep data only as long as necessary for the purposes specified in our Privacy Policy.
We comply with data protection regulations including GDPR, CCPA, PDPA, and LGPD. You have the right to request deletion of your personal data, subject to legal and operational exceptions outlined in this policy.
2. Data Retention by Category
2.1 Account and Profile Data
- Retention Period: Until account deletion
- Data Included: Name, email, phone, date of birth, position, bio, avatar
- Reason: Service delivery and account functionality
- User Control: Can update or delete at any time
2.2 Game and Club Records
- Retention Period: Indefinite (historical records)
- Data Included: Game results, club memberships, team assignments, scores
- Reason: Historical accuracy for leaderboards and community records
- User Control: Read-only; preserved for data integrity
- Note: Retained even after user account deletion
2.3 Performance Statistics
- Retention Period: Indefinite
- Data Included: Goals, assists, wins, losses, player ratings, Man of the Match awards
- Reason: Performance tracking and leaderboards
- User Control: View your own stats; cannot delete
2.4 User Reviews and Ratings
- Retention Period: Indefinite
- Data Included: Venue reviews, player ratings, feedback and comments
- Reason: Community trust and reputation maintenance
- User Control: Can edit or delete own reviews
2.5 Transaction Records
- Retention Period: 7 years
- Data Included: Payments, refunds, booking fees, invoices
- Reason: Legal compliance (tax, accounting, fraud prevention)
- User Control: Cannot delete; required by law
- Note: Payment card details are not stored by Driblink
2.6 Authentication and Login History
- Retention Period: 2 years
- Data Included: Login timestamps, IP addresses, device information
- Reason: Security, fraud detection, account recovery
- User Control: Can view login activity in account settings
- Note: Automatically purged after 2 years
2.7 Support and Communication Records
- Retention Period: 1 year
- Data Included: Support tickets, email exchanges, feedback submissions
- Reason: Issue resolution, quality improvement, legal protection
- User Control: Can view own support history
- Note: Extended retention for ongoing disputes
2.8 Session and Device Data
- Retention Period: 30 days
- Data Included: Session tokens, device IDs, browser cookies
- Reason: Authentication and security
- User Control: Can terminate sessions from account settings
- Note: Automatically cleared; not user-visible
2.9 System Logs and Error Data
- Retention Period: 90 days
- Data Included: Server logs, error traces, system events
- Reason: Debugging, security monitoring, performance analysis
- User Control: Not accessible to users
- Note: Does not contain personal information
2.10 Analytics and Cookies
- Retention Period: 13 months
- Data Included: Analytics data, behavioral patterns, session analytics
- Reason: Service improvement and analytics
- User Control: Can disable in privacy settings or browser
- Note: Non-identification tracking only
2.11 Account Deletion Grace Period
- Retention Period: 30 days
- Data Included: Account data marked for deletion
- Reason: Accident recovery and data safety
- User Control: Can restore account within 30 days
- Note: Permanently deleted after grace period
2.12 Audit and Compliance Logs
- Retention Period: 2 years
- Data Included: Admin actions, data access logs, system changes
- Reason: Regulatory compliance and audit trails
- User Control: Can request audit of own data
- Note: Required for legal compliance
3. Retention Summary Table
| Data Type | Period | Reason | Deletable |
|---|
| Account Profile | Until deletion | Service delivery | Yes |
| Game History | Indefinite | Historical records | No* |
| Statistics | Indefinite | Performance tracking | No* |
| Reviews/Ratings | Indefinite | Community trust | Partial |
| Transactions | 7 years | Legal compliance | No |
| Auth Logs | 2 years | Security | No |
| Support Tickets | 1 year | Issue resolution | No |
| Sessions | 30 days | Authentication | Auto-delete |
| Error Logs | 90 days | Debugging | No |
| Cookies | 13 months | Analytics | User control |
*Preserved for data integrity and other users' benefit
4. User Rights Regarding Data Retention
Access Your Data
You have the right to access all personal data we hold about you. Use our data export feature:
- Method 1: Account Settings → Privacy → Export Data
- Method 2: API:
POST /api/user/export-data - Method 3: Email: privacy@driblink.com
Delete Your Data
You can request deletion of your personal account data at any time. Some data may be retained for legal reasons:
- Method 1: Account Settings → Privacy → Delete Account
- Method 2: API:
POST /api/user/delete-account - Method 3: Email: privacy@driblink.com
- Grace Period: 30 days to restore account
Data Retained After Deletion
When you delete your account, the following data is NOT deleted (preserved for legal/business reasons):
- Game history and results (affects other players' statistics)
- Transaction records (7-year tax/legal requirement)
- Your goals and assists in games (part of game records)
- Reviews you've written (community data)
- Audit logs (2-year compliance requirement)
Correct Your Data
You can update your personal information at any time through account settings. Changes take effect immediately.
Restrict Processing
You can restrict how your data is processed by opting out of optional features in account privacy settings.
5. Legal and Regulatory Requirements
GDPR Compliance (EU/UK/EEA)
We comply with GDPR Article 5(1)(e) - Storage Limitation Principle:
- Data kept no longer than necessary
- Regular review of retention periods
- Legal basis documented for extended retention
- Your rights to deletion honored (within exceptions)
CCPA Compliance (California)
We comply with CCPA §1798.105 - Deletion Rights:
- You can request deletion of personal information
- Business necessity exceptions documented
- Deletion verified and logged
Tax and Accounting Requirements
Transaction records must be retained for 7 years in most jurisdictions:
- UK: 6 years minimum
- US: 7 years minimum
- EU: Varies by country (typically 5-10 years)
- Australia: 5 years minimum
Fraud Prevention
We retain authentication logs and device information for 2 years to detect suspicious patterns and prevent fraud.
6. Automatic Data Deletion Process
Automated Cleanup
Driblink automatically deletes data according to this schedule:
- Daily: Expired sessions (older than 30 days)
- Weekly: Deleted accounts after grace period (30 days)
- Monthly: Error logs older than 90 days
- Quarterly: Auth logs older than 2 years
- Annually: Cookies older than 13 months
Secure Deletion
All deleted data is permanently removed using cryptographic key destruction. Deletion is verified and logged for compliance.
7. Changes to This Policy
We may update retention periods due to legal requirements or service changes. We will notify you at least 30 days before any material changes take effect.
If you disagree with updated retention periods, you may delete your account and request data deletion before the changes take effect.
8. Contact Information
Questions About Data Retention
For questions about our data retention practices, contact our Privacy Team:
Email: privacy@driblink.com
Response Time: 5-10 business days
Data Deletion Requests
To request deletion of your personal data:
Timeline: Deletion processed within 30-45 days for GDPR/CCPA compliance
Last Updated: December 24, 2025
Effective Date: January 1, 2026
Policy Version: 1.0
By using Driblink, you acknowledge that you have read this Data Retention Policy and understand how your data is retained and deleted.
