Data storage & deletion

Storage locations

Data are usually processed in cloud infrastructure (e.g. hosted database, object storage) operated by the platform or hosting provider. The storage location (region) should be set contractually and described transparently to data subjects.

Storage logic

Typical objects include practice user accounts, questionnaire or customer-related records, and technical logs. Use tenant-separation concepts so your practice’s data remain isolated from other practices.

Deletion periods

Base deletions on: withdrawal of consent, purpose no longer applicable, statutory retention (e.g. tax or commercial law), and contractual arrangements with the platform provider. Customer counselling data may require longer retention — align with your DPO or legal adviser.

Backup & recovery

Backups may delay deletion until rotation permanently removes data. Document in your transparency information how backups and recovery interact with deletion obligations.

Related documents

• Legal information & privacy — overview
• Privacy policy
• Sub-processors & processors