Active data
Identity and audit data
Identity and audit data have separate retention and aren’t subject to subscription state:
Six-year retention satisfies HIPAA’s audit requirement.
On account deletion
When you delete your account from Settings → Profile:- Within 7 days — the deletion is reversible. Email support to restore.
- After 7 days — all of your owned datasets, connectors, and personal data are deleted. Audit log entries you generated are preserved but anonymized (you’re identified by user ID, not email or name, in older entries).
- Datasets owned by you in Enterprise organizations — transferred to the org owner unless you’ve explicitly transferred them first.
- Datasets shared with you — your grants are revoked; the datasets remain owned by their owner.
On organization deletion (Enterprise)
When an organization is deleted:- All datasets, connectors, and members are scheduled for deletion within 30 days.
- Identity audit logs are retained for the full 6 years (regulatory requirement).
- Active sessions are invalidated immediately.
- Members are notified by email; their personal accounts and data unrelated to the org persist.
Data export before deletion
Before any deletion event, you can export:- Per-dataset — PDF reports of every analysis tab from the dataset menu.
- Per-organization — full data export via support@summand.com; delivered as a tarball within 5 business days.
- Identity audit logs — exported via the WorkOS Admin Portal in CSV or JSON.
Backups
All Summand infrastructure is backed up continuously to AWS-managed snapshots:- DynamoDB — point-in-time recovery enabled, 35-day window.
- S3 — versioning + cross-region replication.
- Secrets — managed by AWS Secrets Manager with automatic rotation where supported.
Data locality
All data lives in AWSus-east-1 (Northern Virginia). For customers with residency requirements outside the US, contact sales — see Compliance.