tailscale · belcortes-ts · Apr 24, 2025 · Apr 23, 2025 · Apr 24, 2025
diff --git a/data-retention-deletion/index.md b/data-retention-deletion/index.md
@@ -4,217 +4,73 @@ slug: data-retention-deletion
 policy: true
 faq: false
 weight: 12
-last_updated: 2025-04-07
+last_updated: 2025-04-23
 ---
 
-Tailscale must retain certain kinds of data for a minimum amount of time, to comply with legal requirements. At the same time, Tailscale wants to avoid retaining any identifiable data for longer than is necessary, in case of a breach.
+Tailscale must retain and process certain kinds of customer and user data to deliver the Tailscale Solution and to comply with our customer commitments and legal requirements. At the same time, Tailscale wants to avoid retaining data for longer than is necessary.
 
 ### Scope
 
-This policy applies to all data assets handled by Tailscale, including data from customers, potential customers, third parties, and employees.
+This policy applies to the data assets associated with customer accounts that are processed by Tailscale in connection with providing the Tailscale Solution.
 
 ### Schedule
 
-Tailscale should review the data it retains as part of reviewing its data register quarterly.
+Tailscale should review the data it retains as part of reviewing its data register at least annually.
 
 ### Retention period
 
-Data should be retained for a set period of time, depending on the type of data:
+Data subject to this policy will be retained for a set period of time, depending on the type of data:
 
 <table>
   <tr>
-   <td><strong>Category</strong>
-   </td>
-   <td><strong>Data</strong>
+   <td><strong>Data Assets</strong>
    </td>
    <td><strong>Retention period</strong>
    </td>
   </tr>
   <tr>
-   <td>Corporate
-   </td>
-   <td>Charter and bylaws
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Shareholder records
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Board minutes
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Policies and procedures
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Contracts
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>Financial
-   </td>
-   <td>Accounts payable/ receivable
-   </td>
-   <td>7 years
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Financial statements
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Sales records
-   </td>
-   <td>7 years
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Expense records
-   </td>
-   <td>7 years
-   </td>
-  </tr>
-  <tr>
-   <td>
+   <td>Customer account and tailnet live production data*
    </td>
-   <td>Payroll records
-   </td>
-   <td>7 years
+   <td>Duration of contract
    </td>
   </tr>
   <tr>
-   <td>Insurance
+   <td>Client logs (that is, Usage Data used for security and fraud prevention and analytics purposes)
    </td>
-   <td>Insurance records
-   </td>
-   <td>Indefinite
+   <td>12 months
    </td>
   </tr>
   <tr>
-   <td>Inventions
-   </td>
-   <td>Patents and patent applications
+   <td>Support communications and other customer service records
    </td>
-   <td>Indefinite
+   <td>5 years
    </td>
   </tr>
   <tr>
-   <td>
-   </td>
-   <td>Copyright and copyright applications
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Trademark and trademark applications
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Licenses
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>Employee
-   </td>
-   <td>Personnel files
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Compensation information
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Benefit plans
-   </td>
-   <td>Indefinite
-   </td>
-  </tr>
-  <tr>
-   <td>Customer
-   </td>
-   <td>Contracts
-   </td>
-   <td>Indefinite*
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
    <td>Payment and billing information
    </td>
-   <td>7 years*
-   </td>
-  </tr>
-  <tr>
-   <td>
-   </td>
-   <td>Usage logging and analytics
-   </td>
-   <td>5 years*
+   <td>7 years
    </td>
   </tr>
   <tr>
-   <td>
+   <td>Aggregated or anonymized data or reports
    </td>
-   <td>Support communications
-   </td>
-   <td>5 years*
+   <td>As long as needed for the business purposes
    </td>
   </tr>
 </table>
 
-*In response to a customer request and in compliance with legal requirements, Tailscale may also delete customer data prior to the end of the retention period.
+\*Tailscale acts as the data processor for this information pursuant to our DPA. In all other cases, Tailscale acts as the data controller.
 
-Where not specified, customer data should be retained no longer than is needed to provide the service, and anonymized or deleted afterwards.
+Where not specified, customer data will be retained no longer than is needed to provide the service, and anonymized or deleted afterwards.
 
 ### Privacy Policy
 
-Tailscale must delete customer data in accordance with the commitments, if any, made in [Tailscale’s Privacy Policy](/privacy-policy/). If the privacy policy is updated, the above retention periods should also be updated to reflect any changes.
+Tailscale will delete personal data pursuant to individual data subject requests in accordance with applicable data privacy laws as set forth in our [Privacy Policy](/privacy-policy/).
+
+### Suspension
+
+Tailscale may suspend routine deletion of customer data if required for security forensic analysis purposes or a legal hold involving such data. Legal holds may be issued, for example, in connection with an active, imminent, threatened or reasonably anticipated investigation, litigation, arbitration, subpoena, financial transaction, or other legal matter.
 
 ### Deletion method