Purpose
This Data Retention Policy explains how long we keep your data, why we retain it, and how we securely delete it when it is no longer needed. This policy applies to all data collected through the Shashin! Service operated by FrontHAUS Pte. Ltd., a company incorporated under the laws of the Republic of Singapore. Our data retention practices comply with the Personal Data Protection Act 2012 (PDPA) of Singapore, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
General Retention Principles
We retain personal data only for as long as necessary to:
- Provide the Service to you
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements
- Support legitimate business purposes
Account Data
Active Accounts
| Data Type | Retention Period |
|---|---|
| Account information (name, email, profile) | Duration of account + 30 days |
| Login credentials (hashed) | Duration of account + 30 days |
| Subscription details | Duration of account + 7 years (tax) |
| Account preferences and settings | Duration of account + 30 days |
Deleted Accounts
When you delete your account:
30-Day Grace Period
Account data is soft-deleted and recoverable upon request
After 30 Days
A queued purge job anonymises personal data (name, email and other identifiers are irreversibly scrubbed), force-deletes the account record, and issues deletion of associated media objects from our object storage (Cloudflare R2). Residual copies may persist only in encrypted backups (see Backups) until those backups expire.
Backup Retention
May persist in encrypted backups for up to 90 additional days
Legal Hold
Data may be retained longer if required by law or pending legal matters
User Content
Photos, Videos, and Media
| Content Type | Retention Period |
|---|---|
| Uploaded photos | Until deleted by user or account closure |
| AI-processed images | Until deleted by user or account closure |
| AI-generated videos | Until deleted by user or account closure |
| Session photos | Until session deleted or account closure |
| Public sharing links | Until source content is deleted or account closure |
| Frame overlays and branding assets | Until removed by user or account closure |
| Deleted photos and videos | Removed from active systems on the next purge run (queued; typically within minutes), media objects deleted from object storage; up to 30 days in backups |
Sessions and Events
Session data is retained:
- Active Sessions: Indefinitely while account is active
- Deleted Sessions: Removed from active systems on the next purge run (queued), backups purged within 30 days
- Account Closure: All sessions deleted with account
Financial Data
Payment Information
| Data Type | Retention Period |
|---|---|
| Payment method tokens | Until removed or account closure |
| Transaction records | 7 years (tax and legal compliance) |
| Invoices | 7 years (tax and legal compliance) |
| Subscription history | 7 years (tax and legal compliance) |
Credit Transactions
| Data Type | Retention Period |
|---|---|
| Credit allocation records | 7 years (financial compliance) |
| Credit usage/deduction records | 7 years (financial compliance) |
| Credit expiration records | 7 years (financial compliance) |
| Credit package purchase history | 7 years (financial compliance) |
Tax Compliance: Financial records are retained for 7 years to comply with tax regulations, even after account deletion.
Usage and Analytics Data
Application Logs
| Log Type | Retention Period |
|---|---|
| Access logs | 90 days |
| Error logs | 180 days |
| Security logs | 1 year |
| Audit logs | 7 years (compliance) |
Analytics Data
Aggregated and anonymized analytics data:
- Individual User Analytics: 2 years or account closure
- Aggregated Analytics: Retained indefinitely (anonymized)
- A/B Test Data: 1 year after test completion
AI Training Data
Processing Data
Data generated through AI processing:
- Original Images: Retained for the duration of your account or until deleted by you
- AI-Processed Images: Retained for the duration of your account or until deleted by you
- Thumbnails: Retained for the duration of your account or until the source image is deleted
- Processing Metadata: 90 days (theme used, filters applied, person count, processing status)
Important: By using the Service, you acknowledge and accept that all images — including original uploads and AI-processed outputs — are stored on our servers by default. There is no opt-in or opt-out for image storage; it is a fundamental part of how the Service operates. Images are retained until you delete them or your account is closed.
AI Model Training
We do not use your images to train AI models. Your content is processed through our AI workflows solely to generate outputs for your use within the Service.
Communications
Email Communications
| Type | Retention Period |
|---|---|
| Transactional emails (receipts, confirmations) | 7 years |
| Support correspondence | 3 years after closure |
| Marketing emails | Until unsubscribe + 30 days |
Support Tickets
Customer support interactions are retained for:
Active Tickets
Until resolved + 90 days
Historical Data
3 years after account closure
Consent Records
We maintain records of your consent decisions as required by applicable data protection laws:
| Data Type | Retention Period |
|---|---|
| Cookie consent preferences | Duration of account + 3 years |
| Marketing consent records | Duration of account + 3 years |
| Data processing consent | Duration of account + 3 years |
| Newsletter subscription consent | Until unsubscribe + 3 years |
Live Chat and Support Data
Data from our live chat and support systems:
| Data Type | Retention Period |
|---|---|
| Live chat conversations | 2 years after last message |
| Support ticket history | 3 years after resolution |
| Knowledge base search queries | 1 year (anonymised) |
| Customer satisfaction (CSAT) survey responses | 2 years (anonymised after 1 year) |
| Guest/public live chat conversations | 90 days |
Kiosk Session Data
Data collected during kiosk photobooth sessions:
| Data Type | Retention Period |
|---|---|
| Kiosk session metadata (IP address, device info) | 90 days |
| Authentication heartbeat logs | 30 days |
| Real-time processing events (WebSocket) | 7 days |
| Kiosk photos and AI-processed images | Until deleted by user or account closure |
Legal and Compliance Data
Data required for legal compliance:
Legal Holds
Retained until hold is lifted
Dispute Resolution
Duration of dispute + 1 year
Regulatory Requirements
As required by applicable law
Terms Violations
7 years for potential future disputes
Backup and Disaster Recovery
Backup Retention
Our backup systems:
Daily Backups
30 days
Weekly Backups
90 days
Monthly Backups
1 year
Encrypted Storage: All backups are encrypted at rest
Deleted Data in Backups
When you delete data:
- 1Immediately removed from active systems
- 2Marked for deletion in backups
- 3Permanently purged as backups expire
- ✓Maximum backup retention: 1 year
Data Deletion Procedures
Secure Deletion
When data is deleted:
Data is removed from active databases
References and indexes are cleared
Personal data is irreversibly anonymised, the underlying records are force-deleted from our databases, and associated media objects are deleted from object storage (Cloudflare R2)
Deletion is logged for audit purposes
User-Initiated Deletion
You can request deletion of:
Photos/Sessions
Removed on next purge run (queued)
Account Data
Within 30 days
Entire Account
30-day grace, then permanent
Security Breach Notification
In the event of a personal-data breach that is likely to result in significant harm or affects a number of affected individuals at or above the threshold prescribed under the PDPA, we will notify the Singapore Personal Data Protection Commission (PDPC) as soon as practicable and in any case no later than 3 calendar days after we determine the breach is notifiable. Where the breach is likely to result in significant harm to affected individuals, we will also notify those individuals as soon as practicable.
For users protected by the GDPR, where a breach is likely to result in a risk to your rights and freedoms we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify you directly without undue delay where the breach is likely to result in a high risk to you. Our internal handling of breaches follows a documented incident-response and notification procedure.
Geographic Considerations
PDPA (Singapore)
As our primary jurisdiction:
- Data retained only as long as necessary for stated purposes
- Access and correction requests within 30 business days
- Complaints may be lodged with the PDPC
GDPR (EU Users)
EU users have enhanced rights:
- Right to be forgotten (with legal exceptions)
- Data portability within 30 days
- Shorter retention periods where possible
CCPA (California Users)
California residents can:
- Request deletion of personal information
- Receive information about data retention practices
- Opt-out of data sales (we do not sell data)
Changes to This Policy
We may update this Data Retention Policy to reflect:
- Changes in legal requirements
- Updates to our data practices
- New features or services
- Security enhancements
Material changes will be communicated via email or service notifications.
Contact Us
For questions about data retention or to request deletion, contact: