Purpose
This Data Retention Policy explains how long we keep your data, why we retain it, and how we securely delete it when it is no longer needed. This policy applies to all data collected through the Shashin! Service operated by FrontHAUS Pte. Ltd., a company incorporated under the laws of the Republic of Singapore. Our data retention practices comply with the Personal Data Protection Act 2012 (PDPA) of Singapore, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
General Retention Principles
We retain personal data only for as long as necessary to:
- Provide the Service to you
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements
- Support legitimate business purposes
Account Data
Active Accounts
| Data Type | Retention Period |
|---|---|
| Account information (name, email, profile) | Duration of account + 30 days |
| Login credentials (hashed) | Duration of account + 30 days |
| Subscription details | Duration of account + 7 years (tax) |
| Account preferences and settings | Duration of account + 30 days |
Deleted Accounts
When you delete your account:
30-Day Grace Period
Account data is soft-deleted and recoverable upon request
After 30 Days
Account data is permanently deleted from active systems
Backup Retention
May persist in encrypted backups for up to 90 additional days
Legal Hold
Data may be retained longer if required by law or pending legal matters
User Content
Photos, Videos, and Media
| Content Type | Retention Period |
|---|---|
| Uploaded photos | Until deleted by user or account closure |
| AI-processed images | Until deleted by user or account closure |
| AI-generated videos | Until deleted by user or account closure |
| Session photos | Until session deleted or account closure |
| Public sharing links | Until source content is deleted or account closure |
| Frame overlays and branding assets | Until removed by user or account closure |
| Deleted photos and videos | Immediate deletion + 30 days in backups |
Sessions and Events
Session data is retained:
- Active Sessions: Indefinitely while account is active
- Deleted Sessions: Removed immediately, backups purged after 30 days
- Account Closure: All sessions deleted with account
Financial Data
Payment Information
| Data Type | Retention Period |
|---|---|
| Payment method tokens | Until removed or account closure |
| Transaction records | 7 years (tax and legal compliance) |
| Invoices | 7 years (tax and legal compliance) |
| Subscription history | 7 years (tax and legal compliance) |
Credit Transactions
| Data Type | Retention Period |
|---|---|
| Credit allocation records | 7 years (financial compliance) |
| Credit usage/deduction records | 7 years (financial compliance) |
| Credit expiration records | 7 years (financial compliance) |
| Credit package purchase history | 7 years (financial compliance) |
Tax Compliance: Financial records are retained for 7 years to comply with tax regulations, even after account deletion.
Usage and Analytics Data
Application Logs
| Log Type | Retention Period |
|---|---|
| Access logs | 90 days |
| Error logs | 180 days |
| Security logs | 1 year |
| Audit logs | 7 years (compliance) |
Analytics Data
Aggregated and anonymized analytics data:
- Individual User Analytics: 2 years or account closure
- Aggregated Analytics: Retained indefinitely (anonymized)
- A/B Test Data: 1 year after test completion
AI Training Data
Processing Data
Data generated through AI processing:
- Original Images: Retained for the duration of your account or until deleted by you
- AI-Processed Images: Retained for the duration of your account or until deleted by you
- Thumbnails: Retained for the duration of your account or until the source image is deleted
- Processing Metadata: 90 days (theme used, filters applied, person count, processing status)
Important: By using the Service, you acknowledge and accept that all images — including original uploads and AI-processed outputs — are stored on our servers by default. There is no opt-in or opt-out for image storage; it is a fundamental part of how the Service operates. Images are retained until you delete them or your account is closed.
AI Model Training
We do not use your images to train AI models. Your content is processed through our AI workflows solely to generate outputs for your use within the Service.
Communications
Email Communications
| Type | Retention Period |
|---|---|
| Transactional emails (receipts, confirmations) | 7 years |
| Support correspondence | 3 years after closure |
| Marketing emails | Until unsubscribe + 30 days |
Support Tickets
Customer support interactions are retained for:
Active Tickets
Until resolved + 90 days
Historical Data
3 years after account closure
Consent Records
We maintain records of your consent decisions as required by applicable data protection laws:
| Data Type | Retention Period |
|---|---|
| Cookie consent preferences | Duration of account + 3 years |
| Marketing consent records | Duration of account + 3 years |
| Data processing consent | Duration of account + 3 years |
| Newsletter subscription consent | Until unsubscribe + 3 years |
Live Chat and Support Data
Data from our live chat and support systems:
| Data Type | Retention Period |
|---|---|
| Live chat conversations | 2 years after last message |
| Support ticket history | 3 years after resolution |
| Knowledge base search queries | 1 year (anonymised) |
| Customer satisfaction (CSAT) survey responses | 2 years (anonymised after 1 year) |
| Guest/public live chat conversations | 90 days |
Kiosk Session Data
Data collected during kiosk photobooth sessions:
| Data Type | Retention Period |
|---|---|
| Kiosk session metadata (IP address, device info) | 90 days |
| Authentication heartbeat logs | 30 days |
| Real-time processing events (WebSocket) | 7 days |
| Kiosk photos and AI-processed images | Until deleted by user or account closure |
Legal and Compliance Data
Data required for legal compliance:
Legal Holds
Retained until hold is lifted
Dispute Resolution
Duration of dispute + 1 year
Regulatory Requirements
As required by applicable law
Terms Violations
7 years for potential future disputes
Backup and Disaster Recovery
Backup Retention
Our backup systems:
Daily Backups
30 days
Weekly Backups
90 days
Monthly Backups
1 year
Encrypted Storage: All backups are encrypted at rest
Deleted Data in Backups
When you delete data:
- 1Immediately removed from active systems
- 2Marked for deletion in backups
- 3Permanently purged as backups expire
- ✓Maximum backup retention: 1 year
Data Deletion Procedures
Secure Deletion
When data is deleted:
Data is removed from active databases
References and indexes are cleared
Data is overwritten or cryptographically erased
Deletion is logged for audit purposes
User-Initiated Deletion
You can request deletion of:
Photos/Sessions
Immediate deletion
Account Data
Within 30 days
Entire Account
30-day grace, then permanent
Geographic Considerations
PDPA (Singapore)
As our primary jurisdiction:
- Data retained only as long as necessary for stated purposes
- Access and correction requests within 30 business days
- Complaints may be lodged with the PDPC
GDPR (EU Users)
EU users have enhanced rights:
- Right to be forgotten (with legal exceptions)
- Data portability within 30 days
- Shorter retention periods where possible
CCPA (California Users)
California residents can:
- Request deletion of personal information
- Receive information about data retention practices
- Opt-out of data sales (we do not sell data)
Changes to This Policy
We may update this Data Retention Policy to reflect:
- Changes in legal requirements
- Updates to our data practices
- New features or services
- Security enhancements
Material changes will be communicated via email or service notifications.
Contact Us
For questions about data retention or to request deletion, contact: