1. Core Principles
- Bokko only retains personal data for as long as necessary for the specific purpose.
- Retention rules follow service delivery, security, and enforcement requirements.
- Bokko implements retention through system-level automated processes where available; otherwise, administrative or periodic purge processes are used.
2. Retention Schedule
| Data Category | Retention Period | Rule |
|---|---|---|
| Service Provider account data | During the term of the contract, then 90 days | Deleted or anonymized after the export and recovery window. |
| Service Provider profile and configuration | During the term of the contract, then 90 days | Retained only for a temporary transition period after termination. |
| Guest booking records | 60 months (5 years) | From appointment date or final status update. Based on general statutory limitation periods. |
| Booking event logs | 60 months (5 years) | Deleted along with the associated booking. |
| Guest profile and phone index | 60 months (5 years) from last activity | Synchronized with guest document deletion. No independent TTL. |
| Waitlist subscription data | Until salon-configured expiry (1–90 days, default: 30) | Automatically deleted by scheduled function upon expiry. |
| Guest response tokens | Until booking closure, or max 30 days after | Deleted or nulled after the matter is closed. |
| SMS and email delivery metadata | 12 months | Deleted after the delivery accountability period. |
| Review request email audit (task) log | 3 months from creation (createdAt) |
Operational audit and debugging purpose. NOT used for the 90-day frequency cap calculation — that lives on the guest record reviewRequestLastSentAt field. Automatically purged after 3 months by the purgeExpiredData scheduled job. |
| Rate limiting and security data | 12 months | May be extended during active incidents. |
| Customer communication (emails, support tickets) | 7 years | Based on legitimate interest for accountability and enforcement. |
| Internal admin notes for profiles | 7 years | Restricted to platform admin access; for operational accountability. |
| Legal enforcement communication | 5 years from case closure | Retained for contractual or legal claims. |
| Billing and accounting records | At least 8 years | Mandatory retention under Hungarian accounting laws. Independent controller purpose. |
| Admin and security audit logs | 7 years | Based on legal enforcement and security obligations. |
| Data export audit records & temp files | Until signed URL expiry | Temporary storage for compliance exports; deleted via TTL. |
| Lifecycle and system event logs | 6 months | For operational and incident investigation; automated purge. |
| Staff invitations | 30 days from expiry or acceptance | Automatically deleted for email PII cleanup. |
3. Deletion Rules
- Booking-related event logs and derived guest indexes are deleted in coordination.
- Response tokens are deleted or nulled after use or case closure.
- Bokko uses scheduled cleanup tasks for system-wide execution of the retention policy.
4. Data Subject Requests
Requests regarding guest booking data are handled by Bokko according to instructions from the relevant service provider, as the provider is the data controller. For Bokko's independent purposes, Bokko acts directly.
5. Review
This document is reviewed at least annually, or upon introduction of new data flows, providers, or legal requirements.