Data Retention Policy
Last updated: 17 June 2026
This Data Retention Policy explains how long TalesNTokens keeps data and when it deletes, anonymises, or preserves data. It should be read with the Privacy Policy, Account Deletion Policy, GDPR Data Rights Policy, and Security Policy.
Definitions
"Retention period" means the period TalesNTokens normally keeps a category of data.
"Deletion" means removing data from active systems where reasonably possible.
"Anonymisation" means altering data so it no longer identifies a person.
"Preservation hold" means retaining data because of a legal, safety, payment, copyright, or security need.
Scope
This policy applies to account data, authentication records, sandbox sessions, rooms, game state, maps, tokens, character sheets, notes, uploads, marketplace records, payments, emails, analytics, reports, moderation records, support records, security logs, and backups.
Retention Schedule
| Data category | Normal retention |
|---|---|
| Account profile and authentication linkage | Account lifetime, then deletion/anonymisation within 30 days where no retention hold applies |
| Supabase auth sessions in browser localStorage | Until logout, expiry, browser clearing, or account deletion flow |
| Sandbox sessions | 24 hours, then cleanup |
| Rooms, memberships, gameboards, game state, maps, notes, characters, uploaded assets | Until user deletion, room deletion, account deletion, or takedown, subject to backups and retention holds |
| Marketplace listings | Listing lifetime, then 2 years after delisting unless transactions or disputes require longer |
| Marketplace purchases and licence records | 6 years after transaction or longer if required for tax, accounting, consumer, legal, or dispute reasons |
| Stripe transaction metadata | 6 years after transaction or longer where required |
| Creator payout and tax records | 6 years after tax year or longer where required |
| Refunds and chargebacks | 6 years after dispute closure |
| Copyright notices and counter-notices | 6 years after closure |
| Moderation and safety records | 2 years after closure; 6 years or longer for serious legal/safety matters |
| Child safety records | As required by law and safety obligations; access strictly limited |
| Support correspondence | 2 years after closure; 6 years for legal/payment disputes |
| Security logs | 90 days by default; longer for incidents or abuse investigations |
| Analytics data | Up to configured analytics retention period, normally no more than 26 months |
| Mailing-list records | Until unsubscribe; suppression record retained as needed to honour opt-out |
| Backups | Rolling backup period up to 90 days unless provider configuration differs |
Deletion From Backups
Data deleted from active systems may remain in encrypted or access-controlled backups until the backup expires. TalesNTokens will not restore deleted data from backup except where necessary for disaster recovery, legal compliance, or safety/security investigation.
Preservation Holds
TalesNTokens may preserve data beyond normal retention for:
- legal claims;
- tax and accounting;
- consumer disputes;
- chargebacks and fraud;
- copyright disputes;
- child safety reports;
- security incidents;
- regulatory investigations;
- enforcement and appeals.
User Obligations
Users should delete content they no longer need, avoid uploading unnecessary personal data, export needed content before requesting deletion, and clear local browser storage on shared devices.
Platform Obligations
TalesNTokens will maintain retention schedules, delete or anonymise expired data where feasible, document preservation holds, and review retention periods as the Platform changes.
Contact Procedures
Retention questions: privacy@talesntokens.com
Enforcement Procedures
TalesNTokens may restrict deletion where retention is necessary for legal, safety, payment, copyright, or security reasons.
Appeals Process
Users may challenge retention decisions by emailing appeals@talesntokens.com. Data protection complaints may also be made to the ICO or an EU supervisory authority.