
Masonic Memory should only keep personal data for as long as needed for account access, training, administration, security, and legal purposes.
| Data Type | Retention Period |
|---|---|
| Approved user account | While the account is active or needed for administration |
| Pending invite | 30 to 90 days |
| Training progress | While the account is active, unless deleted or anonymised |
| Walkthrough attempts | While the account is active, unless deleted or anonymised |
| Activity logs | Around 12 months where practical |
| Admin audit logs | Around 24 to 36 months where practical |
| Feedback | While useful for support or improvement |
| Deleted account backup data | 30 to 90 days where practical |
| Security incident records | Up to 6 years where needed |
Note: These are suggested retention periods and should be reviewed before wider launch.