Data Retention Policy
Last updated: March 1, 2026
This Data Retention Policy explains how long Lither keeps each category of data, the reason we keep it, and the event that triggers its deletion. It complements our Privacy Policy and applies the GDPR principle of storage limitation: we keep data no longer than is needed for the purpose it was collected, or no longer than the law requires.
Retention by Data Category
Default periods are listed below. Statutory periods (for example accounting law) override shorter defaults where they apply. Periods may be extended where needed to resolve a dispute, enforce our agreements, or comply with a legal hold.
| Data category | Examples | Retention period | Deletion trigger |
|---|---|---|---|
| Account and profile data | Name, email, company, workspace settings, credentials | Life of the account; then deleted within 90 days | Deleted within 90 days after account closure |
| Billing, invoices and accounting records | Invoices, payment references, tax records (no card numbers) | 7 years | Retained 7 years as required by the Estonian Accounting Act |
| Contact and support messages | Support tickets, contact form submissions, email threads | Up to 2 years after the inquiry is resolved | Deleted up to 2 years after resolution |
| Usage and analytics data | Features used, session duration, device and browser info | Up to 14 months | Anonymized or deleted after 14 months; aggregates kept indefinitely |
| Fleet, GPS and telemetry data | Vehicle positions, routes, trips, stop events, sensor and IoT readings | Raw GPS position points: 30 days (rolling). Routes, trips and stop events: while the account is active, then within 90 days of closure | Position points auto-deleted after 30 days; the rest within 90 days of closure, or earlier on request |
| AI conversation and agent logs | Agent chat transcripts, prompts, tool-call records, generated outputs | While the account is active; then deleted within 90 days | Deleted within 90 days of closure, or earlier on request |
| Marketing and newsletter data | Subscription status, consent records, email engagement | Until you unsubscribe | Deleted on unsubscribe; consent records kept as proof |
| Cookies | Session and preference cookies, analytics identifiers | Per the Cookie Policy (session cookies up to 12 months) | Expire per the Cookie Policy |
Backups
Deletion from our live systems is immediate or scheduled as described above. Encrypted backups are kept on a rolling basis and are overwritten within 35 days. Data you delete may persist in a backup until that backup expires, after which it is permanently removed.
Anonymized data
Once data is irreversibly anonymized it no longer identifies you and is no longer personal data. We may keep anonymized and aggregated statistics indefinitely to understand usage trends and improve the platform.
Legal holds and exceptions
We may retain specific data beyond the periods above where required to comply with a legal obligation, respond to a lawful request, resolve a dispute, or enforce our agreements. The hold is limited to the data and the time strictly necessary.
Your rights
You can request access to, correction of, export of, or deletion of your personal data at any time. Where a statutory retention period applies, we will restrict processing of that data instead of deleting it until the period ends. See our Privacy Policy and GDPR page for how to exercise these rights.
Contact
For questions about this policy or to make a retention or deletion request, contact us at winston.van.der.pol@fastlane.ee or +31 637485988, or write to: Fastlane Grupp OÜ, Sepapaja tn 6, Lasnamäe linnaosa, 11415 Tallinn, Harju maakond, Estonia.