Data Retention | BttrForm

Data retention policies define how long BttrForm stores your data and what happens when that period expires. Proper data retention is not just good housekeeping -- it is a requirement of compliance frameworks like GDPR, HIPAA, and SOC 2. BttrForm gives you the controls to configure retention policies that match your regulatory obligations and business needs.

Default Retention Policies

By default, BttrForm retains data indefinitely unless you configure a specific retention policy. This means form responses, file uploads, and account data remain in the system until you manually delete them or set up an automated retention policy.

Data Type	Default Retention	Notes
Form responses	Indefinite	Until manually deleted or retention policy applied
File uploads	Indefinite	Stored in encrypted object storage
Audit logs	365 days minimum	Required by SOC 2; configurable up to 7 years
Account data	Until account deletion	Profile, settings, preferences
Analytics data	90 days (detailed), 2 years (aggregated)	Detailed events auto-aggregate after 90 days
Session data	24 hours after expiry	Automatically cleaned up
Deleted form data	30 days (soft delete)	Recoverable during soft delete window

No Surprise Deletions

BttrForm never deletes your data without your explicit configuration. Default retention is indefinite, so your data is preserved until you decide otherwise.

Configuring Retention Policies

You can set retention policies at the organization level or per individual form.

Organization-Level Retention

Navigate to Settings > Compliance > Data Retention.
Set the default retention period in days. This applies to all forms that do not have a form-specific policy.
Choose what happens when data expires:
- Delete permanently -- Data is irrecoverably removed.
- Archive -- Data is moved to cold storage (accessible on request, not visible in dashboard).
Save your settings.

Form-Level Retention

Individual forms can override the organization default:

Open the form in the form builder.
Go to Form Settings > Data Retention.
Set a custom retention period for this form.
Save the form.

Form-level policies always take precedence over the organization default.

Minimum Retention Periods

Depending on your compliance requirements, certain minimums apply:

Compliance Framework	Minimum Retention	Data Type
SOC 2	365 days	Audit logs
HIPAA	6 years	PHI-related records
GDPR	No minimum (purpose-based)	Personal data
General	30 days	All data (soft delete window)

Compliance Minimums

BttrForm enforces minimum retention periods based on your organization's compliance settings. If HIPAA mode is enabled, you cannot set a retention period shorter than 6 years for forms containing PHI.

Audit Log Retention

Audit logs have their own retention rules, separate from form response data.

Default: 365 Days

SOC 2 requires a minimum of 365 days of audit log retention. This is the default for all BttrForm organizations and cannot be reduced below this threshold.

Extended Retention

Organizations on Business and Enterprise plans can extend audit log retention:

Plan	Maximum Retention
Free	365 days (fixed)
Pro	365 days (fixed)
Business	Up to 3 years
Enterprise	Up to 7 years

To configure extended retention:

Navigate to Settings > Compliance > Audit Log Retention.
Select your desired retention period.
Save. The new retention period applies to all future audit log entries. Existing entries are retained for whichever period is longer -- the old setting or the new setting.

Immutable Logs

Audit logs are immutable once written. They cannot be edited or deleted by any user, including organization owners. This ensures the integrity of your audit trail for compliance purposes.

Automatic Deletion Behavior

When data reaches the end of its retention period, BttrForm processes it through an automated deletion pipeline.

How Automatic Deletion Works

1. Daily cron job runs at 2:00 AM UTC
2. Identifies records past their retention period
3. Records marked for deletion (soft delete)
4. 30-day grace period begins
5. After grace period, data permanently deleted
6. Deletion logged in audit trail
7. Associated files removed from object storage

Important Details

Irreversible after grace period -- Once the 30-day grace period expires, data is permanently deleted and cannot be recovered.
Cascade deletion -- When a form response is deleted, associated file uploads are also deleted.
Batch processing -- Deletion runs in batches to avoid performance impact. Large datasets may take multiple cycles to fully process.
Deletion confirmation -- Organization admins receive a weekly summary email listing data deleted by retention policies.

Permanent Deletion

Automatic deletion is irreversible after the 30-day grace period. Ensure you have exported any data you need to keep before the retention period and grace period expire.

Export Before Delete

BttrForm provides multiple ways to export your data before retention policies take effect.

Manual Export

Navigate to Responses for the form you want to export.
Click Export and choose your format (CSV, JSON, or Excel).
Select the date range or specific responses to export.
Download the export file.

Scheduled Exports

Set up automatic exports that run before retention deletion:

Go to Form Settings > Data Retention > Pre-Deletion Export.
Enable automatic export before deletion.
Choose the export format and destination:
- Email -- Export file sent to specified email addresses.
- Webhook -- Export data posted to a webhook URL.
- Cloud storage -- Export pushed to your S3 bucket or Google Cloud Storage (Enterprise plans).
Exports run 7 days before the retention period expires, giving you time to verify the export before data is deleted.

Bulk Export

For large-scale exports across multiple forms:

Navigate to Settings > Data > Export.
Select the forms and date ranges to include.
BttrForm generates the export asynchronously and notifies you when it is ready for download.
Export files are available for 7 days before they are automatically removed.

Under GDPR Article 17, individuals have the right to request deletion of their personal data. BttrForm provides tools to handle these requests.

Handling Deletion Requests

When you receive a deletion request from a respondent, navigate to Settings > Compliance > Data Requests.
Click New Erasure Request.
Enter the respondent's identifying information (email address, name, or submission ID).
BttrForm searches across all forms for matching responses.
Review the matched records and confirm deletion.
Data is permanently deleted (no soft delete period for GDPR erasure requests).
A record of the erasure request is retained in the audit log for compliance documentation.

Data Subject Access Requests (DSAR)

Before deleting data, respondents may request a copy of their data:

Navigate to Settings > Compliance > Data Requests.
Click New Access Request.
Enter the respondent's identifying information.
BttrForm compiles all data associated with that individual across your forms.
Export is generated in a machine-readable format (JSON) and can be sent directly to the requester.

Response Timeline

GDPR requires data access and erasure requests to be fulfilled within 30 days. BttrForm's tools allow you to process most requests within minutes, giving you ample time to review and respond.

Retention Periods by Data Type

The following table summarizes the configurable retention periods for each data type in BttrForm.

Data Type	Minimum	Default	Maximum	Configurable
Form responses	30 days	Indefinite	Indefinite	Yes
File uploads	30 days	Indefinite	Indefinite	Yes
Audit logs	365 days	365 days	7 years	Yes (Business/Enterprise)
Analytics (detailed)	30 days	90 days	365 days	Yes
Analytics (aggregated)	90 days	2 years	Indefinite	No
Session data	N/A	24 hours	24 hours	No
Soft-deleted data	N/A	30 days	30 days	No
GDPR erasure records	365 days	3 years	7 years	Yes