Data minimization
Control customer data retention to maintain GDPR and data protection compliance. Set retention periods for customer properties and event attributes, and configure automatic deletion for events that exceed their lifecycle.
As the data controller, you determine how long data remains in the system and when it's permanently deleted.
How long to keep data
Keep data only as long as you need it for your business purposes. As the data controller, you're responsible for setting appropriate retention periods for customer properties and event attributes.
- If data is no longer useful, delete it.
- If you can’t justify why you’re keeping the data, you shouldn’t have it.
Why "as long as necessary" is deliberately vague: There's no one-size-fits-all retention period. What makes sense for your business depends on your industry, use cases, and processing purposes. A 3-month retention might be perfect for recommendations, but too short for seasonal trend analysis.
For starting points by use cases, see Recommended expiration periods.
When retention periods are clear
Sometimes you know exactly when data should expire:
Example 1: Limited-time events
If a customer gives consent to participate in an online competition, set data expiration for when the competition ends.
Example 2: Legitimate interest
If you're processing data under legitimate interest, the purpose usually has a clear end date. Set expiration accordingly.
When consent has no clear end date
Customers often give open-ended consent—for example, consent to use their data for analytics. But open-ended doesn't mean forever.
Why you still need to delete: Data from years ago isn't useful for relevant analysis today. If you can't justify keeping it, you shouldn't.
How to decide: Ask yourself: "Is this data still helping me achieve the original purpose?" If not, it's time to delete it.
Set data expiration
Define custom expiration for each event type (like page_visit or purchase). Events are automatically deleted when they pass their expiration period.
To set expiration
-
Go to Data & Assets > Data manager.
-
Click ... (more options).
-
Select Data expiration.
-
Set expiration periods for each event type.
Setting expiration helps optimize your Maximum event storage (MES) usage. Read more in our this best practices article.
Recommended expiration periods
Not sure how long to keep different event types? See the How to reduce MES article for recommended retention periods. The table there shows:
- Which events you don't need to track.
- Recommended retention periods for common event types.
- How to optimize your data storage.
Use these as a starting point. Expiration periods vary by industry and project. What matters is whether you can justify the retention period for your specific purposes.
Example purposes and typical periods:
| Purpose | Typical retention period |
|---|---|
| Evidence for data protection inquiries | No expiration (keep indefinitely) |
| Seasonal analysis | 13 months |
| Recommendations and predictions | 3 months |
| Customer consent preferences | No expiration (needed for ongoing compliance) |
Prevent accidental data loss
Always adjust expiration periods to your specific case. If you're working on an existing project, consult your Customer Success Manager before making any changes to avoid accidentally deleting important data.
Why some data needs longer retention
Some events need to be kept longer to ensure your website and customer experience work smoothly. For example:
- Consent preferences: Keep these indefinitely so customers aren't asked repeatedly for consent or contacted against their wishes.
- Purchase history: May need longer retention for warranty handling, customer service, or financial reporting.
- Account creation events: Often kept indefinitely (or for a long statutory period) for audit and compliance purposes.
When in doubt, ask your CSM or check with your Legal team before changing expiration settings.
Updated 4 days ago