Data Retention — Casa Inspect

This page tells you how long Casa Inspect keeps your data and what happens to it when you stop using the platform. It complements our Privacy Policy, which explains what we collect and how we use it.

1. While your account is active

We keep your organization's data — properties, bookings, inspections, cleanings, photos, contacts, audit logs — for as long as your account is active, so the platform can do its job. That's the baseline; the rest of this page is about what happens when you stop.

2. Account deactivation

You can deactivate your account at any time by emailing support@casainspect.com. (We're building a self-service deactivation control; until it ships, email is the path.) Deactivation is a soft state — your data is preserved, your team is signed out, and new sign-ins to the org are blocked.

You can reactivate within 30 days by replying to the deactivation confirmation email. Everything resumes exactly where you left off.

3. Permanent deletion (30 days after deactivation)

If you don't reactivate, we permanently delete your organization's data 30 days after deactivation. That includes:

Properties, rooms, room templates you customized
Bookings, guests, inspections, cleaning records
Inspection photos and any other uploads
Contacts, team members, crews, signup codes
SMS consent logs and message history
Onboarding sessions and audit trails

Deletion is run by an automated job, recorded in an internal audit log so we can confirm to you that it happened. Once your data is purged from the live database, the only trace left is in encrypted backups (see next section).

4. Encrypted backups (90-day rolling window)

We take encrypted backups of the live database every 8 hours and store them on a separate provider (Cloudflare R2) for disaster recovery. Backups roll off automatically on a 90-day retention schedule.

So a row deleted from the live database on day 30 may still appear in backups from before that date. Those backups expire on the same 90-day clock, meaning all traces of your data are gone within 120 days of deactivation at the absolute outside (30 days of soft-lock + up to 90 days of backup retention).

Backups are encrypted with AES-256-GCM keys held only by us; they are never made available to third parties or restored to a live system without an operational reason (e.g. a recovery from data loss affecting active customers).

5. Specific categories of data

Auth records (email + phone).Deleted on the same 30-day schedule as the rest of your org's data. If you have accounts in multiple Casa Inspect organizations, your auth record persists as long as any one org is still active.
SMS consent log. A2P 10DLC and similar telecom regulations require that we retain proof of consent for the period a number is active in our system. Consent records are deleted with the rest of your org on the 30-day schedule.
Aggregate / anonymized analytics. We may retain aggregate statistics that cannot be re-identified (counts, totals, time-series with no per-org dimension) for product analytics. These contain no personal information by construction.

6. Your rights under GDPR / CCPA

If you live in the EU (GDPR) or California (CCPA), you have the right to:

Access: Ask us for a copy of the data we hold about you.
Delete:Ask us to delete your data sooner than the standard retention window. We'll comply within 30 days of the request unless we have a legal obligation to retain (e.g. an active SMS consent record needed for compliance audit).
Correct: Ask us to correct inaccurate data.
Port: Receive your data in a machine- readable format.

Email support@casainspect.com to exercise any of these rights. Include the email address your account is registered under.

7. Changes to this policy

We'll update the “Last updated” date at the top of this page when this policy changes, and we'll email account owners about any material change at least 30 days before it takes effect.

Operated by JHB Property Management LLC. Questions? Contact support@casainspect.com.