What we collect
Limena stores three categories of tenant data:
- CRM data: contacts, companies, deals, outreach records, prospect lists, segments, campaign metadata, and notes you create or import.
- Operational data: user accounts, session tokens, API keys, audit log entries, AI usage records, integration credentials (encrypted at rest).
- Email content: when you connect a Gmail or Microsoft 365 account to send via Limena, message bodies and metadata for messages sent + replies received through the integration. Source-of-truth stays in your own mailbox.
How it’s processed
Tenant data is isolated at the database layer via PostgreSQL row-level security (RLS). Every tenant-scoped row carries a tenant_id; every query runs with a per-request app.current_tenant_id setting that the RLS policy uses to filter rows. A misconfigured query returns zero rows rather than another tenant’s data. The boundary is enforced by the database, not by application code.
Retention
- crm_data
- lifetime of the tenantDeleting a tenant deletes all associated rows.
- audit_log
- 730 days by defaultConfigurable per tenant in settings.
- refresh_tokens
- pruned 7 days past expiryRevoked tokens are pruned 24 h after revocation (theft-detection grace period).
- soft_deleted_contacts
- hard-deleted after 30 daysThe GDPR erasure window. PII in the audit trail for those contacts is redacted at the same point.
Export + deletion
Tenant admins can export the full audit log to CSV from Settings → Audit log → Export. For a full data export or tenant deletion request, email hello@limena.io. We commit to acknowledging within 5 business days and completing within 30.