Data Retention Policy — Planeworthy

Overview

Planeworthy takes the protection and retention of your data seriously. This policy describes what data we back up, how often, how long we keep it, and what happens when you request deletion.

What Data Is Backed Up

We back up two categories of data:

Database records — your account information, aircraft profiles, maintenance entries, scheduled maintenance items, oil analysis data, notification preferences, and all other structured data stored in our PostgreSQL database.
Uploaded files — documents, photos, PDFs, oil analysis reports, and any other files you upload to the service. These are stored in Amazon S3 with versioning enabled.

Backup Frequency

Database backups run automatically every day. Each backup produces a full snapshot of the database. In addition, our database provider maintains continuous point-in-time recovery (PITR), allowing us to restore to any moment within the last 30 days.

Uploaded files are protected by S3 versioning, which preserves every version of every file. If a file is accidentally overwritten or deleted, we can restore the previous version.

Backup Retention

Daily database snapshots — retained for 90 days in immutable storage (cannot be deleted or modified by anyone, including Planeworthy staff)
Point-in-time recovery — 30-day continuous window
File versions — previous versions retained for 90 days after being replaced or deleted

Encryption

All backups are encrypted at rest. Database backups use server-side encryption (AES-256). Uploaded files use AWS-managed encryption keys. All data in transit uses TLS 1.3.

Geographic Location

All data, including backups, is stored in Amazon Web Services (AWS) data centers in the United States (us-east-1 region, Northern Virginia).

Monitoring

Backup jobs are monitored 24/7. If a backup fails or is missed, our on-call team is alerted automatically via PagerDuty. A daily digest email summarizes backup status, sizes, and any issues. We run quarterly restore drills to verify that backups can be successfully restored.

Account Deletion

When you request deletion of your account:

Your active data (database records and uploaded files) is deleted within 30 days of your request.
Existing backups that contain your data will expire naturally based on their retention period (up to 90 days). Backups are immutable and cannot be selectively edited.
After all retention periods expire, no copies of your data remain on our systems.

Data Export

You can export your complete data at any time through your account settings. Exports are available in CSV, PDF, and JSON formats. This right is available to all users, including those on read-only (cancelled) accounts. See our Privacy Policy for more details.

Related Policies

Privacy Policy — how we collect, use, and protect your data
Terms of Service — rules and guidelines for using Planeworthy
Security — our security practices and infrastructure

Contact

If you have questions about this policy or your data, contact us at privacy@planeworthy.com.