Retention Policy
Effective date: 23 June 2026
This policy summarizes how long Zesty keeps key categories of data. Actual retention may vary when legal, tax, accounting, payment-provider, security, fraud-prevention, backup, dispute, or support obligations require a different period.
Retention table
| Data | Retention | Notes |
|---|---|---|
| Account and organization records | Active account period, then required legal and support window | Owners may request export or deletion review where available |
| Staff access and permissions | Active service period plus audit window | Kept to prove role and permission changes |
| Orders, bills, refunds, receipts, and tax context | Active service period plus tax and accounting window | Restaurants remain responsible for their own statutory records |
| Inventory, suppliers, recipes, expenses, and reports | Active service period unless deleted, archived, or exported | Aggregated analytics may be kept for reliability improvements |
| Customer records and loyalty data | Active service period or approved deletion/export process | Restaurant controller instructions apply where relevant |
| Support tickets and attachments | Needed support, security, quality, or legal period | Attachments should be relevant to the request |
| Uploaded assets and exports | While configured, then backup and audit window | Stored objects remain private unless configured otherwise |
| Technical logs and security events | Security, reliability, abuse, and incident review window | Legal requirements may extend retention |
| Backups and snapshots | Production backup lifecycle | Deleted data may remain until backup expiry |
| Marketing leads and contact requests | Business need, consent, legal basis, or unresolved request | Unsubscribe and deletion requests are honored where applicable |
Deletion and de-identification
Zesty may delete, archive, de-identify, or anonymize data when it is no longer needed. Some records cannot be deleted immediately because of legal, tax, accounting, payment, audit, security, backup, fraud-prevention, or dispute obligations.
Customer and staff requests
Access, correction, export, withdrawal, and deletion requests are handled through the Privacy Request Process. Restaurant customers and staff should usually contact the restaurant first because the restaurant controls much of the operational data.
Contact
For retention questions, use Contact Zesty or contact hello@zesty.id.