Skip to content
Toado Docs

Data retention

Toado retains data conservatively. Active data lives indefinitely; archived data is preserved for a long retention window; deleted data is purged on a schedule.

Per-resource retention

ResourceActiveArchivedDeletedNotes
TicketsIndefinite365 days30 day soft-delete window, then permanentArchive is reversible. Delete (account closure) goes through soft-delete first.
CommentsIndefiniteSame as parent ticketSame as parent ticketComments live and die with their ticket.
Captures (screenshot, DevTools data)IndefiniteSame as parent ticketSame as parent ticketStored in object storage; deletion is asynchronous, may take 24 hours after the trigger.
AnnotationsIndefiniteSame as parent ticketSame as parent ticket
AttachmentsIndefiniteSame as parent ticketSame as parent ticket
API tokensUntil revokedn/aImmediately on revokeRevocation is effective immediately for new requests; in-flight requests may complete.
Audit logsIndefinite during account lifen/a90 days after account closure
Pending invitationsUntil accepted, revoked, or 14 daysn/aImmediately on revoke or expiry
Web app sessions30 days idlen/aImmediate on sign-out
Extension offline queueLocally on your machinen/aWhen you discard or Reset extensionThe queue is on the user’s device, not on our servers.

Archive

Archiving a ticket (or having it auto-archived by retention rules) moves it out of the active board into the project’s Archive view. Archived tickets remain searchable when is:archived is in the query. Archive is reversible at any time via restore_ticket.

After 365 days in archive, the data retention worker queues the ticket for deletion (with a 30-day soft-delete window during which restore is still possible).

You can opt out of automatic archive deletion in Settings › Data › Retention (when shipped). Default behavior keeps storage costs predictable.

Delete

There is no destructive delete in v1. Deletion happens only when:

  • An account is closed (the account owner triggers it from Settings › Account › Close account).
  • A company is deleted by its owner (also from settings).
  • The data retention worker permanently purges archived data after the retention window.

Deletion is a soft-delete first: data is marked deleted and hidden from all queries, then permanently purged 30 days later. Within the 30-day window, support can restore on request.

Account closure

When an account is closed:

  1. Sign-in is disabled immediately for that user.
  2. The user is removed from all companies they were a member of.
  3. Tickets they created remain in those companies (with the user’s name preserved as the creator).
  4. Comments they posted remain (with their name as the author).
  5. Personal API tokens are revoked.
  6. Any companies where they were the sole owner are queued for deletion (with email warning).
  7. Personal data (email, name, profile picture) is purged after the 30-day soft-delete window.

Company deletion

When a company is deleted by its owner:

  1. All projects, tickets, comments, captures, annotations, and attachments are queued for deletion.
  2. All members lose access immediately.
  3. After the 30-day soft-delete window, all data is permanently purged.

A company with active billing must cancel billing before deletion. See your billing settings.

Object storage

Captured screenshots and attachments live in object storage (S3-compatible). Deletion requests propagate asynchronously. A deleted ticket’s screenshot may remain in object storage for up to 24 hours after the relational delete. The bytes are unreachable via any Toado API during this window.

Backups

We take encrypted backups of the relational database daily, retained 30 days. Object storage has its own provider-side replication and lifecycle.

Backups are operational (used for disaster recovery), not user-facing. We do not restore individual tickets from backup.

Where to next