Developer docs · Reference

Data retention & export

A plain-English breakdown of what data SalesThumb stores, how long we keep it, why, and how to get it out. This page covers the technical details; see /privacy for the legal privacy policy.

SOC 2 aligned7-year financial recordsCSV export30-day close grace period

Retention by data category

Periods below apply to data stored in the SalesThumb platform. Third-party processors (Stripe for payments, Resend for email, R2 for media) have their own retention policies which may differ.

Data category	Retention period	Reason
Appointment & invoice records Appointments, quotes, invoices, line items, service notes Lifetime of subscription + 7 years after account close	Lifetime of subscription + 7 years after account close	Tax compliance and legal record-keeping requirements.
Payment records Payment transactions, refunds, Stripe charge IDs 7 years after account close	7 years after account close	PCI DSS and tax compliance. Records are kept even after account close.
Customer & vehicle records Customer profiles, vehicle make/model/VIN, contact info Lifetime of subscription + 30-day grace period after close	Lifetime of subscription + 30-day grace period after close	Active business data. Deleted in the cascade after the grace period unless a data-export request is in progress.
Media & photos Before/after photos, warranty photos, install documentation 90 days after subscription ends	90 days after subscription ends	Storage costs. Export via Settings → Data before your subscription lapses if you need to keep photos.
Audit logs Who changed what, login events, API key usage, permission changes 2 years	2 years	Security investigation and compliance. Logs are append-only and cannot be modified.
API keys Shop API keys, restricted-scope keys Deleted immediately on revoke	Deleted immediately on revoke	Security. Once revoked, a key cannot be recovered. The key ID remains in audit logs.
Webhook delivery logs Request payload, response status, retry history per delivery 90 days	90 days	Debugging window. After 90 days, delivery logs are purged even if the subscription is still active.
Session & auth tokens User session tokens, OAuth tokens Deleted on logout or after 30 days of inactivity	Deleted on logout or after 30 days of inactivity	Security hygiene.

Data portability & export

You own your data. SalesThumb provides two export paths:

Self-serve CSV export

From Settings → Data, export CSV files for:

Customers — name, email, phone, notes, created date
Vehicles — year, make, model, VIN, license plate, linked customer ID
Appointments — date, service type, status, technician, customer, vehicle
Invoices — line items, totals, payment status, paid date
Payments — amount, method, reference, linked invoice

Exports are generated asynchronously and emailed to the account owner. Large shops (>50k records) may take up to 30 minutes.

Full data export request

For a complete machine-readable export including media, audit logs, webhook delivery history, and all metadata, email info@roffik.com from the account owner address. Include your shop name and the export scope you need.

We fulfill export requests within 30 days. The export is delivered as a password-protected ZIP via a secure download link. The link expires after 7 days.

Account closure & cascade delete

When you close your SalesThumb account, here is exactly what happens:

1
Immediate
Subscription ends, access disabled
Your shop and all user logins are disabled immediately. API keys stop working. Webhook deliveries halt. You can still request a data export during the grace period.
2
Day 1–30
Grace period
All shop data remains intact. You can reactivate your account at any time during this window — contact support. Use this window to download any CSV exports you need from Settings → Data or request a full export via email.
3
Day 30
Cascade delete
At the end of the 30-day grace period, a cascade delete runs that permanently removes: customer records, vehicle records, appointments, quotes, media/photos, active API keys, and webhook subscriptions. This action is irreversible.
4
Retained 7 years
Financial records kept for compliance
Invoice records, line items, payment transaction records, and refunds are retained for 7 years after account close per tax and legal requirements. These records are stored in an isolated, encrypted archive inaccessible via the app or API. They are deleted automatically after 7 years.
5
Retained 2 years
Audit logs
Security audit logs (login events, API key usage, permission changes) are retained for 2 years regardless of account status.

The cascade delete on day 30 is permanent and cannot be reversed. Download your exports before closing your account or before the grace period ends.

Deletion requests (GDPR / CCPA)

To request deletion of your account and all associated personal data ahead of the 30-day grace period, email info@roffik.com from the account owner address with the subject line "Deletion request — [shop name]".

We will acknowledge your request within 72 hours and complete the deletion within 30 days as required by GDPR Article 17 and CCPA Section 1798.105. Financial records subject to legal retention requirements (invoices, payments) are excluded from early deletion requests and will be purged automatically after the 7-year retention period.

For questions about data residency, sub-processors, or DPA execution, contact info@roffik.com.

Notes for developers

If you are building an integration on top of SalesThumb, keep these retention facts in mind:

Webhook delivery logs are available via the dashboard for 90 days. Design your endpoint to be idempotent and log payloads on your side if you need longer replay history.
API keys are deleted immediately on revoke — no grace period. Revoked keys return 401 instantly.
Deleted records return 404 from the API. There is no soft-delete concept exposed to the API — once a cascade delete runs, those IDs are gone.
Financial record archive (post-close invoices and payments) is not accessible via the API. If you need historical financial data, export it before account close.
Pagination cursors are valid for 24 hours. Do not cache cursors across sessions for long-running sync jobs.

Questions about your data?

Email info@roffik.com for export requests, deletion requests, or DPA inquiries.

More developer docs

Docs home REST API reference Webhooks

Retention by data category

Periods below apply to data stored in the SalesThumb platform. Third-party processors (Stripe for payments, Resend for email, R2 for media) have their own retention policies which may differ.

Data category	Retention period	Reason
Appointment & invoice records Appointments, quotes, invoices, line items, service notes Lifetime of subscription + 7 years after account close	Lifetime of subscription + 7 years after account close	Tax compliance and legal record-keeping requirements.
Payment records Payment transactions, refunds, Stripe charge IDs 7 years after account close	7 years after account close	PCI DSS and tax compliance. Records are kept even after account close.
Customer & vehicle records Customer profiles, vehicle make/model/VIN, contact info Lifetime of subscription + 30-day grace period after close	Lifetime of subscription + 30-day grace period after close	Active business data. Deleted in the cascade after the grace period unless a data-export request is in progress.
Media & photos Before/after photos, warranty photos, install documentation 90 days after subscription ends	90 days after subscription ends	Storage costs. Export via Settings → Data before your subscription lapses if you need to keep photos.
Audit logs Who changed what, login events, API key usage, permission changes 2 years	2 years	Security investigation and compliance. Logs are append-only and cannot be modified.
API keys Shop API keys, restricted-scope keys Deleted immediately on revoke	Deleted immediately on revoke	Security. Once revoked, a key cannot be recovered. The key ID remains in audit logs.
Webhook delivery logs Request payload, response status, retry history per delivery 90 days	90 days	Debugging window. After 90 days, delivery logs are purged even if the subscription is still active.
Session & auth tokens User session tokens, OAuth tokens Deleted on logout or after 30 days of inactivity	Deleted on logout or after 30 days of inactivity	Security hygiene.

Data portability & export

You own your data. SalesThumb provides two export paths:

Self-serve CSV export

From Settings → Data, export CSV files for:

Customers — name, email, phone, notes, created date
Vehicles — year, make, model, VIN, license plate, linked customer ID
Appointments — date, service type, status, technician, customer, vehicle
Invoices — line items, totals, payment status, paid date
Payments — amount, method, reference, linked invoice

Exports are generated asynchronously and emailed to the account owner. Large shops (>50k records) may take up to 30 minutes.

Full data export request

We fulfill export requests within 30 days. The export is delivered as a password-protected ZIP via a secure download link. The link expires after 7 days.

Account closure & cascade delete

When you close your SalesThumb account, here is exactly what happens:

Immediate

Subscription ends, access disabled

Your shop and all user logins are disabled immediately. API keys stop working. Webhook deliveries halt. You can still request a data export during the grace period.

Day 1–30

Grace period

All shop data remains intact. You can reactivate your account at any time during this window — contact support. Use this window to download any CSV exports you need from Settings → Data or request a full export via email.

Day 30

Cascade delete

At the end of the 30-day grace period, a cascade delete runs that permanently removes: customer records, vehicle records, appointments, quotes, media/photos, active API keys, and webhook subscriptions. This action is irreversible.

Retained 7 years

Financial records kept for compliance

Invoice records, line items, payment transaction records, and refunds are retained for 7 years after account close per tax and legal requirements. These records are stored in an isolated, encrypted archive inaccessible via the app or API. They are deleted automatically after 7 years.

Retained 2 years

Audit logs

Security audit logs (login events, API key usage, permission changes) are retained for 2 years regardless of account status.

The cascade delete on day 30 is permanent and cannot be reversed. Download your exports before closing your account or before the grace period ends.

Deletion requests (GDPR / CCPA)

For questions about data residency, sub-processors, or DPA execution, contact info@roffik.com.

Notes for developers

If you are building an integration on top of SalesThumb, keep these retention facts in mind:

Webhook delivery logs are available via the dashboard for 90 days. Design your endpoint to be idempotent and log payloads on your side if you need longer replay history.

API keys are deleted immediately on revoke — no grace period. Revoked keys return 401 instantly.

Deleted records return 404 from the API. There is no soft-delete concept exposed to the API — once a cascade delete runs, those IDs are gone.

Financial record archive (post-close invoices and payments) is not accessible via the API. If you need historical financial data, export it before account close.

Pagination cursors are valid for 24 hours. Do not cache cursors across sessions for long-running sync jobs.