This Data Retention Policy describes how Trivialism retains, manages, and disposes of personal data and other records collected through our trivia game across web, mobile, and Discord platforms.
1. Principles
- Data minimization: We collect only the data necessary for the purposes described in our Privacy Policy.
- Purpose limitation: Data is retained only as long as it is needed for its original purpose, or as required by law.
- Secure disposal: When data is no longer needed, it is securely deleted or anonymized.
2. Retention Periods
| Data Category | Retention Period | Notes |
|---|---|---|
| Account data (username, email, profile) | Duration of account + 30 days after deletion request | 30-day grace period allows account recovery |
| Authentication credentials (hashed passwords) | Duration of account | Deleted upon account deletion |
| Gameplay data (scores, achievements, match history) | Duration of account | Anonymized after account deletion for aggregate analytics |
| Chat and messaging data | 90 days | Auto-purged after 90 days; moderation-flagged content may be retained longer |
| Moderation records | 2 years after resolution | Required for appeals and pattern detection |
| Support correspondence | 2 years after resolution | Deleted after retention period |
| Payment transaction records | 7 years | Required for tax and financial compliance |
| Server/access logs (IP addresses, request logs) | 90 days | Used for security monitoring and debugging |
| Analytics data | Anonymized at collection | No personally identifiable data retained |
| Cookie consent records | 3 years | Required as proof of consent under GDPR |
| Parental consent records | Duration of child's account + 3 years | Required under COPPA |
| Marketing consent records | Duration of consent + 2 years | Required as proof of opt-in |
3. Account Deletion
When a user requests account deletion:
- Account is deactivated immediately (user can no longer log in).
- Personal data is scheduled for deletion after a 30-day grace period.
- After the grace period, all personal data is permanently deleted or anonymized.
- Gameplay data is anonymized and retained for aggregate statistics only.
- Data required by law (e.g., payment records) is retained for the legally required period.
4. Data Subject Requests
Data subject requests (access, deletion, rectification, portability) are processed within:
- GDPR/UK GDPR: 30 days (extendable by 60 days for complex requests).
- CCPA/CPRA: 45 days (extendable by 45 days).
Requests should be directed to: [email protected]
5. Legal Holds
When litigation, investigation, or regulatory action is pending or reasonably anticipated, relevant data may be placed on a legal hold. Legal holds override the standard retention periods and remain in effect until lifted by our legal team.
6. Disposal Methods
- Digital data: Secure deletion using industry-standard methods. Encrypted data is disposed of by destroying encryption keys.
- Backups: Data in backups is overwritten within the normal backup rotation cycle (maximum 90 days).
- Third-party processors: We contractually require our data processors to delete data in accordance with this policy upon our instruction.
7. Review
This policy is reviewed annually and updated as necessary to reflect changes in legal requirements, business needs, or data processing activities.
8. Contact Us
Trivialism — Privacy Team
Email: [email protected]