Data Retention Schedule
Last Updated: March 2026
1. Overview
At 38Hub, we believe in keeping your data only as long as necessary to fulfill the purpose for which it was collected. This Data Retention Schedule explains what categories of data we store, how long we retain them, and what happens when data reaches the end of its retention period.
Our guiding principle is data minimization: we collect only what we need, retain it only as long as required, and delete it securely when it is no longer necessary. Where legal or regulatory obligations require extended retention (such as tax records), we comply with those requirements while minimizing the scope of data retained.
This schedule should be read alongside our Privacy Policy and Sub-Processors page for a complete picture of how we handle your information.
1.1 Retention Summary
| Data Type | Retention Period | After Deletion |
|---|---|---|
| Account Data | While account is active | Deleted within 90 days |
| Content Data | While account is active | Deleted within 90 days |
| Generated Media | While account is active | Deleted within 90 days |
| AI Processing Data | Not stored after response | N/A |
| Billing Data | 7 years (legal requirement) | Securely destroyed |
| Usage & Analytics | 90 days (individual) | Aggregated, then deleted |
| Audit Logs | 1 year | Permanently deleted |
| Support Data | 2 years after resolution | Permanently deleted |
2. Account Data
Account data includes your profile information, authentication tokens, display preferences, AI provider settings, and any connected third-party accounts (such as Google OAuth credentials).
2.1 What We Store
- Name, email address, and profile avatar
- OAuth tokens for connected accounts (Google, etc.)
- Application preferences (default language, theme, AI provider selection)
- Encrypted API keys for AI providers (Claude, OpenAI, Gemini)
- Subscription plan and account status
2.2 Retention Period
Account data is retained for the duration of your active account. When you request account deletion, your profile and all associated authentication data will be permanently deleted within 90 days of the request. During this grace period, you may contact us to cancel the deletion and restore your account.
2.3 Encrypted API Keys
Your AI provider API keys are encrypted at rest using AES-256-GCM. They are never stored in plaintext and are deleted immediately when you remove them from Settings or when your account is deleted.
3. Content Data
Content data encompasses everything you create and curate within 38Hub, including ideas, cooked content, scripts, captions, articles, social posts, and any associated metadata such as tags, categories, and scores.
3.1 What We Store
- Ideas and their metadata (title, category, language, tags, AI scores)
- Cooked content (text posts, threads, articles, newsletters)
- Video scripts, social captions, and content outlines
- Content versions and edit history
- Content DNA profiles and style preferences
3.2 Retention Period
All content data is retained for the duration of your active account. You can export your content at any time via the data export feature in Settings. Upon account deletion, all content data is permanently deleted within 90 days.
3.3 Content You Delete
When you delete individual pieces of content (ideas, posts, scripts, etc.) within the app, they are moved to a soft-delete state for 30 days, allowing you to recover them if needed. After 30 days, they are permanently purged from our database.
4. Generated Media
Generated media refers to all visual assets produced through 38Hub, including AI-generated images, thumbnails, social post designs, carousel slides, diagrams, and logos.
4.1 Storage
All generated media files are stored in Supabase Storage with row-level security. Each file is scoped to your user account and is inaccessible to other users.
4.2 Retention Period
| Condition | Retention Period | Action |
|---|---|---|
| Active account | Indefinite | Available for download and use |
| 12 months of inactivity | Subject to purge | Large files (>10 MB) may be removed; user notified 30 days prior |
| Account deletion | 90 days | All media permanently deleted |
4.3 Exporting Media
You can download any generated media file at any time directly from the app. We recommend maintaining your own backups for critical assets, especially if your account has been inactive for an extended period.
5. AI Processing Data
When you use AI features in 38Hub (idea scoring, content generation, image creation, etc.), your prompts and content are sent to third-party AI providers for processing. Here is how we handle that data:
5.1 What Happens to Your Prompts
- Prompts are sent to the selected AI provider (Claude, OpenAI, or Gemini) over encrypted connections
- 38Hub does not store prompts or AI responses after the response has been delivered to you
- The generated output (content, scores, etc.) is saved as part of your Content Data (see Section 3)
- Raw prompt payloads are not logged, cached, or retained on our servers
5.2 AI Provider Retention
Each AI provider has its own data retention and usage policies. When you use your own API keys, the providers' standard API terms apply (which generally prohibit training on API inputs). For details on our AI sub-processors and their data practices, see our Sub-Processors page.
5.3 Your Control
You choose which AI provider to use and can switch at any time in Settings. You can also use your own API keys, ensuring that data processing happens under your direct agreement with the provider.
6. Billing Data
Billing data is processed and stored by our payment processor, Stripe. 38Hub itself does not store full credit card numbers, bank account details, or other sensitive payment information.
6.1 What We Store
- Transaction records (amount, date, plan, invoice ID)
- Stripe customer ID and subscription ID
- Invoice history and payment status
- Last four digits of card (for display purposes only)
6.2 Retention Period
| Data Type | Retention Period | Reason |
|---|---|---|
| Transaction records & invoices | 7 years | Tax and accounting compliance |
| Payment method tokens (Stripe) | Until cancellation | Deleted when subscription is cancelled |
| Stripe customer record | 7 years | Required for invoice reference integrity |
We are legally required to retain financial transaction records for a minimum of 7 years to comply with tax and accounting regulations. After this period, billing records are securely destroyed.
7. Usage & Analytics
We collect usage data to improve 38Hub, identify performance issues, and understand which features are most valuable to our users. This data helps us make informed decisions about product development.
7.1 What We Collect
- Feature usage statistics (which tools you use, how often)
- Page views and navigation patterns
- IP addresses (for security and approximate geolocation)
- Device type, browser, and operating system
- Performance metrics (page load times, error rates)
7.2 Retention & Aggregation
Individual usage records (those tied to a specific user) are retained for 90 days. After 90 days, individual records are deleted and replaced with aggregated, anonymized statistics. These aggregated statistics—which cannot be linked back to any individual user—are retained indefinitely to support long-term product analytics and trend analysis.
7.3 IP Addresses
IP addresses are collected for security purposes (detecting suspicious activity, preventing abuse) and are automatically anonymized after 90 days. We do not use IP addresses for advertising or tracking purposes.
8. Audit Logs
Audit logs record security-relevant events to help protect your account and enable you to review activity. These logs are essential for detecting unauthorized access and investigating security incidents.
8.1 What We Log
- Login and logout events (including failed attempts)
- API key additions, modifications, and removals
- Account settings changes
- Data export and deletion requests
- Admin actions (for team accounts)
- API access events and rate-limit triggers
8.2 Retention Period
Audit logs are retained for 1 year from the date of the event. After 1 year, logs are permanently deleted. During the retention period, you can view your audit logs in the Security section of your account Settings.
8.3 Access
You can access your audit logs at any time through Settings > Security. Logs include timestamps, event descriptions, and IP addresses associated with each action. You can also export your audit logs as part of a full data export.
9. Support Data
When you contact our support team, we retain the correspondence to provide consistent help and to improve our support quality.
9.1 What We Store
- Support tickets and their full message history
- Attachments you share during support conversations (screenshots, files)
- Internal notes added by our support team
- Satisfaction ratings and feedback
9.2 Retention Period
Support tickets and all associated data are retained for 2 years after the ticket is resolved. This allows us to reference past conversations if related issues arise and helps us maintain quality standards. After 2 years, support data is permanently deleted.
9.3 Account Deletion
If you delete your account, support data associated with your account is anonymized. The content of the ticket may be retained in anonymized form for quality assurance purposes, but all personally identifiable information is removed within the 90-day deletion window.
10. Data After Account Deletion
When you request to delete your account, we follow a structured process to ensure your data is removed thoroughly and irreversibly.
10.1 The 90-Day Grace Period
After you submit a deletion request, your account enters a 90-day grace period. During this time:
- Your account is immediately deactivated and inaccessible
- Your data remains in our systems but is not processed
- You can contact us to cancel the deletion and restore your account
- No data is shared with third parties during this period
10.2 Permanent Deletion
After the 90-day grace period, the following actions are taken:
- All account data, content data, and generated media are permanently deleted from our primary databases
- Encrypted backups containing your data are purged within 30 days of the permanent deletion
- Stripe payment method tokens are deleted (transaction records retained per Section 6)
- Audit logs are deleted immediately rather than waiting for the standard 1-year retention
10.3 What May Be Retained
Even after permanent deletion, certain data may be retained in limited circumstances:
- Billing records: Transaction records and invoices are retained for 7 years per legal requirements
- Aggregate statistics: Anonymized, non-identifiable usage statistics that have already been aggregated
- Legal holds: Data subject to an active legal hold, regulatory investigation, or legal proceeding
11. Your Rights
You have full control over your data at 38Hub. We provide tools and processes to help you exercise your data rights easily and transparently.
11.1 Export Your Data
You can export all of your data at any time from Settings > Data & Privacy. Exports are delivered in JSON format and include your account information, all content data, and metadata. Generated media files can be downloaded individually or in bulk.
11.2 Request Deletion
You can request complete account deletion at any time from Settings > Data & Privacy, or by contacting us directly. Once confirmed, the 90-day deletion process described in Section 10 begins immediately.
11.3 Rectification & Access
You can update or correct your personal information at any time through your account Settings. If you need access to data that is not available through the app interface, contact us and we will provide it within 30 days.
11.4 Contact Us
For any questions about this Data Retention Schedule, or to exercise any of your data rights, contact us at:
- Email: privacy@38hub.com
- Contact page: 38hub.com/contact
We aim to respond to all data-related requests within 30 days. For requests related to GDPR or other privacy regulations, please refer to our Privacy Policy for additional details on your rights.