Aegis Pulse
Features Architecture Pricing Blog
Sign in Get started

Data Retention

Last updated: 2026-05-20

This page explains what data Aegis Pulse collects, how long we keep it, and the difference between what's stored and what your plan shows you. Plain English, no legalese.

Quick summary

  • Free plan shows the last 90 days of project data. We keep older data on file (re-fetching some sources is slow or impossible), but the dashboard, API, and exports only return rows inside that window.
  • Pro plan removes the visibility window. Your full history is fetchable.
  • Deleting your account removes your personal data and stops new collection. See Account deletion for the exact bounds.

The Free 90-day cap is a visibility limit, not a deletion timer. Upgrading restores access to older data immediately, no backfill needed.

What we collect

Pulse stores three categories of data on your behalf.

Account data

  • Email address, hashed password, display name, account creation timestamp
  • OAuth identity links if you sign in with GitHub or Google (provider, provider user ID, scopes you granted)
  • Encrypted OAuth access tokens, where you've explicitly authorized us to call third-party APIs on your behalf

Project configuration

  • Per-project source bindings you set in Settings: GitHub owner/repo, PyPI package name, Plausible site, Reddit subreddit list
  • Per-project credentials (GitHub PAT, Plausible API key) encrypted at rest using AES-GCM
  • Goals, milestones, and custom events you create

Collected insight data

  • GitHub traffic (clones, unique cloners, views, unique visitors)
  • GitHub stargazer events and releases (from the public GH Archive feed)
  • PyPI downloads (from the public PyPI BigQuery dataset)
  • Plausible analytics (visitors, pageviews, referrers, top pages), only when you've supplied a Plausible API key
  • Reddit post metadata for the subreddits you've configured

How long we keep it

Category Storage duration Free visibility Pro visibility
Account dataUntil account deletionn/an/a
Project configUntil you delete the project or your accountn/an/a
Goals / events you createUntil you delete them or your accountLast 90 daysUnlimited
GitHub trafficIndefinite (GitHub itself only serves the last 14 days; re-fetching old data is impossible)Last 90 daysUnlimited
GitHub stars / releasesIndefinite (re-derivable from GH Archive)Last 90 daysUnlimited
PyPI downloadsIndefinite (re-derivable from the PyPI BigQuery dataset)Last 90 daysUnlimited
Plausible analyticsIndefinite, limited by Plausible's own retentionLast 90 daysUnlimited
Reddit post metadataIndefiniteLast 90 daysUnlimited
Logs (request, error)30 daysn/an/a
Database backups30 days, rollingn/an/a

Why we keep data longer than the visibility window: some sources (GitHub Traffic) only expose a short rolling window. The day we stop collecting, that data is gone forever. Keeping it on file means upgrading to Pro restores your full history instantly, with no gap and no backfill.

How we use it

  • To render your dashboards and answer API calls.
  • To compute goal progress, streaks, records, and trend lines.
  • To send transactional email (sign-up confirmation, billing receipts, password resets). Never marketing without separate opt-in.
  • To debug issues. Logs may include request paths and error stack traces, scrubbed of credentials.

We do not sell your data, share it with advertisers, or use it to train ML models.

Where it lives

  • Application database: Postgres on DigitalOcean (NYC1 region)
  • Backups: encrypted snapshots in the same region, retained 30 days
  • Payment data (card numbers, billing addresses): handled entirely by Stripe; we only store the Stripe customer ID and subscription metadata
  • OAuth tokens: encrypted with AES-GCM using keys held in our infrastructure secrets store

Third-party data

When you connect a third-party source, that provider's own retention and privacy terms apply to the data you've authorized us to read:

  • GitHub: we read repo metadata, traffic, and stargazer events. Your GitHub OAuth grant can be revoked anytime at github.com/settings/applications.
  • Plausible: we read analytics for sites you've added an API key for. Plausible operates on a no-cookie, no-PII model; revoke by removing the API key in Settings · Projects.
  • PyPI: public download statistics only; no auth required.
  • Reddit: public post metadata only; no auth required.

Revoking a source stops collection but doesn't delete previously collected data. Use account or project deletion (below) for that.

Account deletion

When you delete your account from Settings · Profile:

  • Active subscriptions are canceled immediately (Stripe handles refunds per their policy).
  • Your account record, OAuth identities, and stored tokens are hard-deleted within 7 days.
  • All projects you own, plus their goals, events, and collected insight data, are hard-deleted in the same pass.
  • Project credentials (encrypted PATs, API keys) are deleted with the projects.
  • Database backups rotate out within 30 days; data from a deleted account becomes irretrievable once the last backup containing it expires.
  • Transactional email records (receipts, invoices) are retained for 7 years for tax / audit reasons, in line with standard US business record-keeping. These are tied to your Stripe customer record, not your application account.

Logs containing your IP or user agent are retained per the schedule above (30 days) and rotate out naturally.

Per-project deletion

Deleting a single project (Settings · Projects · Delete) is the same shape as account deletion, scoped to that project: config, credentials, goals, events, and collected insight data for that project are hard-deleted within 7 days. Other projects on your account are unaffected.

Export

Pro users can export their project data at any time via the API. The export includes all rows we've collected, regardless of the 90-day visibility window. Useful before downgrading or as a routine backup. Free users can export the last 90 days.

Your rights

If you're in a jurisdiction with statutory data rights (GDPR in the EU/UK, CCPA in California, etc.), you can:

  • Access the data we hold about you (Pro export covers most cases; email us for the rest)
  • Correct account-level fields directly in Settings · Profile
  • Delete your account and associated data as described above
  • Object to specific processing (though most of what we do is necessary to provide the service, so the practical option is account deletion)

Email hello@aegis-stack.io for anything the in-product flows don't cover. We aim to respond within 30 days.

Changes to this policy

We'll update the "Last updated" date at the top whenever we change anything material. If a change reduces what we store, what we retain, or how long, no notice is required. If a change expands collection or retention, we'll email account holders at least 14 days before it takes effect.