Data Retention Policy

This policy describes how long 5000fish, Inc. retains different categories of data related to your use of DashboardFox, why we retain it, and how and when it is deleted. This policy applies to our cloud-hosted service. Self-hosted deployments are managed entirely by the customer.

This policy supports our obligations under GDPR (EU and UK), CCPA, and other applicable privacy regulations. It should be read alongside our Privacy Policy and Data Processing Agreement.

Customer Workspace Data

Each DashboardFox customer workspace runs in its own dedicated, isolated database. We distinguish between two types of data stored there:

• Platform metadata — users, roles, permissions, report and dashboard definitions, data source configurations, semantic layers, and application settings you create inside DashboardFox.
• Imported data — data you bring into DashboardFox via Excel uploads or API data sources. This data is stored in your dedicated database at your direction.

Live database connections are never stored. When you connect DashboardFox to an external database, we query it on demand and retain nothing.

The 30-day window exists to allow reactivation. Once deletion executes, all workspace data — including platform metadata, imported data, database credentials, and encrypted backups — is permanently and irreversibly destroyed. This process is fully automated.

You may request early deletion of your workspace at any time by contacting team@dashboardfox.com. Account owners can also self-service delete their workspace directly from the management portal.

Backups

We run nightly encrypted backups of all customer databases to Backblaze B2 object storage. Backups are encrypted with AES-256 before leaving our servers.

When a workspace is deleted, its associated backups are also deleted as part of the same deletion process. Backups do not outlive the workspace they belong to.

In-App Audit Logs (Workspace)

DashboardFox records an audit trail of user actions inside each workspace — report executions, permission changes, data source access, and administrative events. Retention depends on your subscription tier:

System & Compliance Audit Logs

We maintain separate audit and event logs at the platform level for compliance, billing integrity, and regulatory purposes. These are distinct from workspace-level audit logs and are governed by different retention rules.

• Subscription events and billing audit trail — retained for 7 years to satisfy tax, financial, and GDPR accountability requirements. These records are never deleted by automated cleanup processes.
• GDPR compliance audit logs — retained for 7 years per GDPR accountability obligations (Article 5(2)).
• PostgreSQL database audit logs — retained locally for 30 days, then archived to Backblaze B2 for long-term storage.
• System and infrastructure logs — retained for 90 days, then automatically deleted.
• Deployment and configuration change logs — retained for 180 days, then automatically deleted.
• Security events — retained for 90 days, then automatically deleted.
• Completed job records (deployments, tier changes, deletions) — retained for 90 days after completion, then automatically deleted.

Management Account Data

Your account in the DashboardFox management portal (my.dashboardfox.app / my-eu.dashboardfox.app) stores your name, email address, authentication credentials, and account history. This record is separate from your workspace data.

Management account records are retained while your account is active. You may request deletion of your management account at any time, provided all associated workspaces have been removed or transferred first. Deletion requests can be submitted to team@dashboardfox.com.

Billing & Financial Records

Billing and payment data is processed and stored by our payment processors — Chargebee (subscription management), Stripe (EU payments), and Authorize.net (US payments). We retain a synchronized record of billing history in our management database.

We never store full payment card numbers. Card data is tokenized and managed entirely by our PCI-compliant payment processors.

Support & Communication Records

Support interactions — including live chat via HelpCrunch and support tickets via our ticketing system — are retained for the duration of your account relationship and for a reasonable period thereafter to support dispute resolution and service continuity.

Authentication Tokens

Expired magic links, password reset tokens, and email verification tokens are automatically purged 7 days after their expiry date. No manual action is required.

Right to Erasure (GDPR / CCPA)

If you are located in the EU, UK, or California and wish to exercise your right to erasure or data portability, please contact team@dashboardfox.com. We will respond within 30 days.

Note that some data — specifically billing records and compliance audit logs — must be retained for the periods described above regardless of an erasure request, where required by law.

Legal Hold

Where data is subject to an active legal dispute, regulatory investigation, or other legal hold, normal retention schedules are suspended for the affected data until the matter is resolved. We will notify you where legally permitted to do so.

Self-Hosted Deployments

If you run DashboardFox on your own infrastructure, you are the data controller and operator for all data within that installation. This policy does not apply. You are responsible for defining and implementing your own data retention practices in accordance with applicable law.