Last Updated: 6 July 2025
1. Purpose & Scope
This policy defines how long Sp5der retains customer data and our procedures for secure deletion in compliance with:
- GDPR (Article 5)
- CCPA
- Google Ads data requirements
2. Data Retention Periods
Customer Order Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Order details | 5 years | Tax/legal compliance |
| Payment records | 7 years | Financial regulations |
| Shipping information | 3 years | Customer service needs |
Marketing Data
| Data Type | Retention Period | Condition |
|---|---|---|
| Email subscribers | Until opt-out | Active consent |
| Website analytics | 26 months | Google Analytics default |
3. Deletion Procedures
Automatic Deletion
- Inactive accounts (3+ years): Automatically purged
- Marketing data: Removed immediately upon opt-out
Request-Based Deletion
Customers may request deletion by:
- Emailing privacy@sp5derhoodies.com.co
- Verifying identity
- Processing within 30 days (GDPR standard)
Note: We may retain certain data where required by law.
4. Google-Specific Requirements
- User-level data in Google Ads: Retained for 18 months
- Conversion data: Aligned with Google’s 540-day policy
- Custom audience lists: Refreshed every 30 days
5. Data Storage Locations
- Primary: US-based servers (AWS/GCP)
- Backups: Encrypted and stored separately
6. Backup Protocol
- Nightly encrypted backups
- Retention: 90 days before rotation
- Deletion requests apply to active data only
7. Exceptions to Deletion
Data may be retained beyond standard periods for:
- Active fraud investigations
- Legal disputes
- Tax/regulatory requirements
8. Policy Updates
Reviewed annually or when regulations change.
9. Contact
Data Protection Officer
📧 Email: dpo@sp5derhoodies.com.co
📞 Phone: +1 332 252 9275