Retention & Deletion Policy
Last updated: 16 April 2026
1. Data retention — active accounts
While your account is active we retain all data you have entered into CraftCert, including:
- Account profile and preferences
- Products, formulations, and ingredient data
- Generated CLP labels and classification records
- Compliance evidence records
- Audit logs (who did what, when — required for compliance traceability)
We retain this data for as long as your account exists so that you can access your compliance history at any time.
2. Deleting individual products
When you delete a single product from your dashboard, it is immediately hidden from your product list and from every view in the application. The row itself is kept in the database with a deletion timestamp, so support can recover it on request. Deleted products are not subject to the 90-day account-purge cycle described below — they remain recoverable as long as your account exists.
3. Deleting your account
You can delete your entire account in two ways:
- Self-service: go to Settings > Delete account in your dashboard, type DELETE to confirm, and submit.
- By request: email support@craftcert.co.uk. We will acknowledge your request within five working days and action it within 30 days of verifying your identity.
Both paths trigger the same technical flow described in the next section.
4. What happens when you delete your account
Account deletion is a two-stage process. It is not instantaneous, and it is reversible within the first stage.
Stage 1 — Immediate soft-deletion (day 0)
The moment you confirm deletion, CraftCert does the following:
- Your profile is marked deleted in our database with the exact UTC timestamp of your request. We call this T₀.
- Your Supabase authentication record is suspended, so no-one (including you) can sign in using your credentials.
- Open browser sessions on other devices stop being able to access any of your data within roughly one hour (the maximum lifetime of an authentication token). They cannot view, edit, or export anything. The browser tab itself may continue to render until you close it, but every action returns an empty result.
- Row-level security rules hide every row you own (products, formulations, labels, evidence, ingredients, audit entries) from the application. The data still exists in the database, but no part of CraftCert — including our support tooling running under your session — can see it.
- Any active paid subscription is cancelled immediately with no proration and no final invoice.
- An account_soft_deleted entry is written to our audit log, recording T₀ and the scheduled permanent-deletion instant T₀ + 90 days.
Stage 2 — Permanent deletion (day 90)
A scheduled job runs every day at 03:17 UTC. Each run looks for accounts whose 90-day window has elapsed and permanently deletes them.
Permanent deletion removes your authentication record, profile, products, formulations, ingredients, labels, and evidence records from our production database. Audit log entries survive with your user identifier set to null, so the record of what happened is preserved but you are no longer identifiable in it.
5. The 90-day timer — exact math
We promise that you have a full 90 days to change your mind. The timer is measured in UTC and is exact to the second.
- Start (T₀): the UTC instant at which your deletion request was recorded. You can find this in the confirmation email we send immediately after deletion.
- Restore-by instant (T₀ + 90 days): the exact UTC instant after which the scheduled purge is permitted to permanently delete your data. Stored in your profile and in the deletion confirmation email.
- Actual purge time: the next scheduled run after the restore-by instant. The purge runs daily at 03:17 UTC, so in the worst case your data is retained up to ~24 hours longer than the restore-by instant — never shorter.
Worked example. You delete your account on 1 June 2026 at 14:22 UTC. Then:
- T₀ = 2026-06-01 14:22 UTC
- Restore-by instant = 2026-08-30 14:22 UTC (exactly 90 × 24 hours later)
- Actual permanent-deletion run = 2026-08-31 03:17 UTC (the first scheduled purge after the restore-by instant)
- Window during which support can restore your account: 2026-06-01 14:22 UTC to 2026-08-30 14:22 UTC. After the restore-by instant, a restore request may still succeed if the 03:17 purge has not yet run, but we do not guarantee it.
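The timer rules above, written out as an added example (this is not CraftCert's own code; the function names are hypothetical). It assumes a purge run that lands exactly on the restore-by instant does not count as "after" it, and that the daily job runs on schedule.

```python
from datetime import datetime, time, timedelta, timezone

RESTORE_WINDOW = timedelta(days=90)   # exactly 90 x 24 hours, per the policy
PURGE_TIME_UTC = time(3, 17)          # daily purge run at 03:17 UTC


def restore_by(t0: datetime) -> datetime:
    """Return T0 + 90 days as a UTC instant.

    Naive datetimes are rejected so a server's local time zone can never
    silently shift the deadline.
    """
    if t0.tzinfo is None:
        raise ValueError("T0 must be timezone-aware")
    return t0.astimezone(timezone.utc) + RESTORE_WINDOW


def first_purge_run(t0: datetime) -> datetime:
    """Return the first scheduled 03:17 UTC run after the restore-by instant."""
    deadline = restore_by(t0)
    run = datetime.combine(deadline.date(), PURGE_TIME_UTC, tzinfo=timezone.utc)
    # Assumption: a run at or before the deadline is too early, so the purge
    # waits for the next day's run. Data is never removed before the deadline.
    if run <= deadline:
        run += timedelta(days=1)
    return run


def restore_status(t0: datetime, now: datetime) -> str:
    """Classify a restore request received at `now`.

    "guaranteed"  - inside the 90-day window
    "best-effort" - past the deadline, but the purge run is not yet due
    "purge-due"   - the scheduled purge time has passed
    """
    now = now.astimezone(timezone.utc)
    if now <= restore_by(t0):
        return "guaranteed"
    if now < first_purge_run(t0):
        return "best-effort"
    return "purge-due"


if __name__ == "__main__":
    t0 = datetime(2026, 6, 1, 14, 22, tzinfo=timezone.utc)  # the worked example
    print("restore by:", restore_by(t0).isoformat())
    print("purge run: ", first_purge_run(t0).isoformat())
```

A deletion recorded before 03:17 UTC is purged on the same calendar day as its restore-by instant; one recorded later waits for the next day's run, which is where the up-to-24-hour extra retention comes from.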
6. Restoring a soft-deleted account
To restore during the window, email support@craftcert.co.uk from the email address associated with the account. We will:
- Verify your identity (typically by confirming details from your account — last subscription, number of products, approximate signup month).
- Unsuspend your authentication record and clear the deletion flag on your profile, which re-opens row-level access to your data.
- Write an account_restored audit entry attributing the restoration to the support operator.
- Email you to confirm the account is live again, usually within one working day of receiving the request.
Your subscription is not automatically restored. When your account comes back, it is on the Free tier. If you want a paid plan again, subscribe through Pricing in the normal way. Your Stripe customer record is preserved, so billing history continues on the same record.
Product-level deletions stay deleted. If you had soft-deleted a specific product before you deleted your account, that product stays deleted when the account is restored — we only reverse the account-level deletion.
7. GDPR Article 17 — Right to erasure
The soft-delete window is a restoration convenience, not a delay to your statutory rights. If you want an immediate hard deletion with no 90-day restoration window, explicitly request this in writing to support@craftcert.co.uk — for example, “I am exercising my right to erasure under UK GDPR Article 17 and require immediate permanent deletion with no 90-day window.” We will:
- Acknowledge your request within five working days.
- Complete the permanent deletion within 30 days (or explain any delay, where a delay is permitted by the regulation — for example, if we are subject to a legal obligation to retain specific records).
- Confirm the deletion in writing once complete.
8. Backups
CraftCert's database is backed up by our hosting provider (Supabase) on a 7-day rolling retention. When we permanently delete your account at day 90, the production record is gone immediately; any reference to your data in rolling backups is removed naturally as those backups age out within seven days.
We do not take long-term snapshots and we do not copy production data to cold storage. The combination of a 90-day soft-delete window and a 7-day rolling backup means that — at the outside — 97 days after your deletion request, no trace of your data remains on any CraftCert system.
9. Data export
You can export every product, formulation, label, and evidence record as a single JSON file from Settings > Export all data in your dashboard. Export is also available on request via support@craftcert.co.uk. The export satisfies the UK GDPR right to data portability.
10. Cancelled subscriptions
Cancelling a paid subscription is not the same as deleting your account. If you cancel, your account is downgraded to the Free tier at the end of the current billing period; your data is preserved and accessible; you can re-subscribe at any time without restoring anything. The 90-day clock only starts when you explicitly delete the account.
11. Third-party processors
Some data is held by third-party processors on our behalf (Stripe, Resend, Sentry, Netlify, Upstash, GoatCounter, Supabase). Each processor has its own retention schedule. We cover this in the Privacy Policy and list every processor on the Subprocessors page. In summary:
- Stripe is the only processor that retains data after you delete your account at CraftCert, because Stripe is independently obliged to keep transaction records for tax and anti-money-laundering purposes (typically seven years in the UK/EU). CraftCert has no authority to shorten this. You can request erasure directly from Stripe, subject to those obligations.
- All other processors either (a) mirror our deletion when our systems delete the record (Supabase, Resend audit trails), or (b) hold only non-identifying aggregate data (GoatCounter) or transient operational data that ages out in days or weeks (Upstash rate limit counters, Sentry error events, Netlify logs).
12. Contact
Questions about retention or deletion? Email support@craftcert.co.uk.
Crocker Digital Ltd, Company No. 17008789