1. Principle

Doqubox is designed to keep temporary document exchange data only as long as needed for the customer workflow, while retaining account, billing, security, and statutory records where necessary.

The periods below describe the current default policy. Customer-specific agreements, product settings, legal obligations, security needs, or incident handling may require a different retention period.

2. Document exchange data

• Incoming uploaded documents:

  Retained according to the company's message retention setting. The default is 7 days unless the customer plan or agreement provides another period.
• Outgoing file transfers:

  Available temporarily and designed to expire by default after 7 days unless a different service setting applies.
• Document requests:

  Request status, recipient details, and related metadata are kept while needed to operate the request, show progress, support auditability, and apply deletion or expiry behavior.
• Deleted or expired exchange data:

  Removed from active access and then cleared through operational deletion and backup rotation processes.

3. Account and company data

• Company, user, and subscription records:

  Retained for the account lifetime and a reasonable period afterwards for administration, security, dispute handling, and legal obligations.
• Branding and domain settings:

  Retained while the account or related configuration remains active.
• Support communications:

  Retained as long as needed to handle the request, maintain service history, and meet legal or security needs.

4. Billing and payment data

• Invoices and accounting records:

  Retained according to applicable statutory accounting obligations.
• Payment identifiers and mandates:

  Retained as needed to manage payments, refunds, chargebacks, accounting, and legal obligations.

5. Security and operational data

• Activity records and events:

  Retained as needed for customer visibility, audit support, abuse prevention, troubleshooting, and security investigations.
• Application and infrastructure logs:

  Retained for operational and security purposes. Exact periods may vary by log type and environment.
• Sessions and authentication data:

  Retained until logout, expiry, replacement, or deletion where needed for account security.
• Backups:

  Kept on a rolling basis. Deleted records may remain in backups until the relevant backup expires or is rotated out.

6. Customer responsibilities

Customers should download or process documents before expiry, configure internal retention policies, avoid unnecessary collection, and keep their own records where legal or business obligations require longer storage.

For data subject requests or deletion questions, contact support@doqubox.com.

7. Related resources

• Security page
• Data Processing Addendum
• Privacy policy