Data handling

What we collect

Limena stores three categories of tenant data:

• CRM data — contacts, companies, deals, outreach records, prospect lists, segments, campaign metadata, and notes you create or import.
• Operational data — user accounts, session tokens, API keys, audit log entries, AI usage records, integration credentials (encrypted at rest).
• Email content — when you connect a Gmail or Microsoft 365 account to send via Limena, message bodies and metadata for messages sent + replies received through the integration. Source-of-truth stays in your own mailbox.

How it’s processed

Tenant data is isolated at the database layer via PostgreSQL row-level security (RLS). Every tenant-scoped row carries a tenant_id; every query runs with a per-request app.current_tenant_id setting that the RLS policy uses to filter rows. A misconfigured query returns zero rows rather than another tenant’s data — the boundary is enforced by the database, not by application code.

Retention

• CRM data is retained for the lifetime of the tenant. Deletion of a tenant deletes all associated rows.
• Audit log retention defaults to 730 days per tenant; configurable in tenant settings.
• Refresh tokens are pruned 7 days past expiry. Revoked tokens are pruned 24h after revocation (theft-detection grace period).
• Soft-deleted contacts are hard-deleted after a 30-day grace period (GDPR erasure window); PII in the audit trail for those contacts is redacted at the same point.

Export + deletion

Tenant admins can export the full audit log to CSV from Settings → Audit log → Export. For a full data export or tenant deletion request, email hello@limena.io. We commit to acknowledging within 5 business days and completing within 30.