Superchat stores data only as long as necessary for the platform to function. As a Superchat customer, you are the data controller for your contacts' personal data — meaning you decide when data should be deleted and you are responsible for ensuring your practices comply with applicable data protection law (e.g. GDPR).
Your Responsibility
Superchat acts as your data processor. You, as the customer, are the data controller. This means:
You are responsible for deleting contact data when it is no longer needed.
You must respond to erasure requests (Art. 17 GDPR / "right to be forgotten") from your contacts.
Superchat provides the tools to fulfill these obligations — but the decision to delete lies with you.
How Contact Deletion Works
When you delete a contact in Superchat, the following happens:
Step 1
The contact and all associated data are marked as deleted in our database. This includes:
All conversations, messages, and attachments
All notes linked to the contact
Step 2
After 21 days, all remaining field values (name, phone number, email, custom attributes, etc.) are overwritten with randomised strings (e.g. jakdheiurjer84j346392j3lrne). This process is called obfuscation and, after this point, the data is fully irrecoverable — even by Superchat.
This two-step approach gives a short, 21-day correction window before permanent anonymisation is complete.
Automating Data Deletion
You do not need to delete contacts manually. You can go to Automations in your Superchat dashboard and create a workflow with a deletion or archiving action.
This is especially relevant for GDPR compliance under the storage limitation principle (Art. 5(1)(e) GDPR), which requires that personal data is not kept longer than necessary. Automating deletion removes the need for manual monitoring and reduces compliance risk.
Superchat's Automations feature allows you to define rules that automatically delete contacts or close conversations based on triggers — for example:
Delete a contact or conversation a set number of days after their last interaction.
Trigger deletion based on contact attributes, tags, or lifecycle status.
Data Retention by System
System or Application | Data Description | Retention Period |
SuperX GmbH SaaS Products (AWS) | Customer Data | 21 days after account deletion |
SuperX GmbH Technical Logs (Datadog, Sentry) | Customer instance and metadata, debugging data | Up to 14 days in DataDog, in Sentry indefinite |
SuperX GmbH Customer Support Tickets (Intercom, Linear) | Support Tickets and Cases | Indefinite |
SuperX GmbH Customer, Support Phone Conversations (AirCall, Sipgate) | Support Phone Conversations | Up to 365 days after contract termination |
SuperX GmbH Security Event Data | Security and system event and log data, network data flow logs | AWS - 1 year |
SuperX GmbH Vulnerability Scan Data | Vulnerability scan results and detection data | Indefinite |
SuperX GmbH Customer Relationship Management (Hubspot) | Opportunity and Sales Data | Indefinite |
Security Policies | Security Policies | 1 year after archive |
Temporary Files | AWS /tmp ephemeral storage | Automatically when process finishes |
SuperX GmbH Data Warehouse | Customer and usage data | Indefinite |