Overview
Shulware is committed to protecting customer data while maintaining the operational records necessary to ensure platform reliability, financial compliance, and security.
This article outlines how long different categories of system data are retained and how we manage log and communication records.
Our retention practices are designed to:
Protect personally identifiable information (PII)
Minimize unnecessary data storage
Maintain compliance with financial and regulatory requirements
Support security monitoring and audit integrity
Retention Overview
| Data Category | Examples | Retention Period |
|---|---|---|
| Email & Communication Logs | Send logs, click tracking, bounce tracking | 2 years after email is sent |
| Audit Logs (Financial) | Transaction-related audit records | Retained for financial compliance |
| Audit Logs (Non-Financial) | Administrative and system activity logs | 2 years |
| Login & Security Logs | Login attempts, login failures | 90 days – 2 years (depending on log type) |
| API & System Error Logs | API errors, debug logs | 2 years |
| Application Usage Logs | App activity and token usage | 1 year |
| Payment Processing Logs | Recurring payment attempts, payment errors | 2 years |
| Integration Logs | QuickBooks sync history | 6 months |
| Form Draft Versions | Auto-saved drafts of inactive forms | Deleted when inactive and unused |
| Legacy / Unused Tables | Deprecated system tables | Permanently removed |
Key Principles
Shulcloud retains data only as long as necessary.
Financial records are preserved to meet compliance requirements (8 years)
Security logs are retained to support fraud prevention and incident response.
Obsolete or unused datasets are permanently deleted.
Time-based deletion policies are enforced automatically on a rolling basis