Effective: 12 July 2026
This explains how long different kinds of data are kept and what deletion does.
Your documents, files, reminders and settings stay on your device until you delete them or remove the app. Files are encrypted at rest with a device key.
If you enable backup, encrypted blobs are kept in our object storage so you can restore later. They remain until you delete the backup, turn backup off and remove it, or delete your account. We store only encrypted data we can't read.
A forwarded email and its attachments wait in a temporary, encrypted queue so the app can import them. Items are deleted on import, and any item still in the queue is automatically deleted after a default window (around 72 hours). We don't keep forwarded content as a permanent store.
An anonymous account id and forwarding alias are kept while your account exists, so forwards and backups route correctly. They are removed when you delete your account.
If you opt in to new‑document push, a device token is kept only while you stay opted in. Turning push off or deleting your account removes it; invalid tokens are also cleaned up.
Subscription and entitlement records associated with your account are kept while the account exists, to apply your plan correctly. Payment details are handled by the App Store or Google Play, not by us.
Deleting local data removes your on‑device documents, files and database, cancels pending reminders, and clears local keys. This does not, by itself, delete a cloud backup if you have one.
Deleting your account erases your server‑side footprint: the encrypted backup, the forward queue, the forwarding alias and related records. The account is marked deleted so other devices can no longer use it.
If backup is off, there is no cloud copy to restore on a new phone. Restore needs an encrypted backup plus your Recovery Kit.
Your encrypted backup is opened with your recovery key. If you lose it, we can't open the backup for you.
An email‑updates signup that has not yet been verified is kept for at most 12 months from the date you signed up. Active, verified subscriptions are kept until you withdraw your consent, the purpose ends, or the record is no longer needed. If you unsubscribe or withdraw consent (privacy@duesoon.co), your address is removed from marketing sends immediately; a minimal suppression record may be kept solely to prevent accidentally emailing you again.
Operational logs (for example, request ids and error traces used to keep the service running) may be retained for a short period and do not contain your document content. They are not used for advertising or cross‑app tracking.
Questions about retention or deletion: privacy@duesoon.co