Data Storage Policy
Last updated: March 2026
This policy describes how Pressmark stores, protects, retains, and deletes your data. It complements our Privacy Policy with specific technical and operational details.
The short version: Your data is encrypted, isolated from other users, and stored on US-based infrastructure. We keep it only as long as needed. When you delete your account, a cascade deletion removes your data across all systems within defined timeframes.
How Your Data Is Stored
Database
Your account data, content (newsletters, research, profiles, conversations), and usage records are stored in a PostgreSQL database hosted by Railway, a US-based cloud infrastructure provider. The database is encrypted at rest using AES-256 and all connections use TLS encryption.
Access Isolation
We enforce database-level access controls that ensure each user can only query, view, and modify their own data. These controls are applied at the database layer, not just the application layer, meaning that even in the unlikely event of an application-level vulnerability, one user cannot access another user’s data.
Encryption
- At rest: AES-256 encryption on the database, managed by our infrastructure provider.
- In transit: TLS 1.2 or higher for all data transmitted between your browser and our servers, and between our servers and sub-processors. We enforce HTTP Strict Transport Security (HSTS) headers to prevent downgrade attacks.
- Credentials: Passwords are managed entirely by Clerk and are never transmitted to or stored on Pressmark’s servers. Payment card data is managed entirely by Stripe.
Security Headers
Our application enforces Content Security Policy (CSP) headers via Helmet middleware to prevent cross-site scripting, clickjacking, and other browser-based attacks.
Data Retention
We retain data for the minimum period necessary to fulfill its purpose. Specific retention periods are listed below.
| Data Type | Retention Period | Justification |
|---|---|---|
| Account data (name, email, settings) | Duration of account + 30 days post-deletion | Service operation; grace period for accidental deletion recovery |
| Your content (newsletters, research, writing profiles, audience profiles, industry profiles, templates, DNA analyses) | Duration of account + 30 days post-deletion | Service operation; your content is yours and persists as long as your account is active |
| AI conversation history (Pressy chats, tool call results) | 90 days rolling (auto-purged after 90 days of inactivity per conversation) | Continuity across editing sessions; data minimization |
| Usage logs (credit consumption, operations performed) | 12 months | Service operation, billing accuracy, abuse detection |
| Security event logs (including IP addresses) | 12 months | Security monitoring, incident investigation, fraud prevention |
| Billing records | Up to 7 years (held primarily by Stripe) | Tax law compliance, financial record-keeping obligations |
| AI provider logs | 7-55 days depending on provider | Provider safety monitoring — see Sub-Processor List for provider-specific periods |
| Marketing email records | Until unsubscribe; hashed suppression list maintained indefinitely | CAN-SPAM requires honoring opt-outs permanently |
| Privacy/deletion request records | 24 months | Legal compliance (CCPA §999.317(b)) |
We do not retain data “just in case.” When a retention period expires, data is permanently deleted through automated processes.
Account Deletion and Cascade Timeline
When you request account deletion (via the Service or by emailing privacy@getpressmark.com), we initiate a cascade deletion across all systems. Here is the specific timeline:
Within 24 hours
All primary data in our database is permanently deleted via cascade deletion. This includes your account information, all newsletters, research documents, writing profiles, audience profiles, industry profiles, templates, DNA analyses, conversation history, usage logs, and security events. This deletion is immediate and irreversible.
Within 30 days
- Clerk: Your authentication data (email, session tokens) is deleted from Clerk’s systems.
- Resend: Your email address is removed from our marketing audience (a hashed suppression record is maintained to honor your unsubscribe, per CAN-SPAM).
- Stripe: Your active subscription is canceled and the billing relationship is closed. Stripe may retain transaction records for up to 7 years as required by tax law — this is a legal obligation we cannot override.
Within 7-55 days
AI provider logs containing your data are automatically purged per each provider’s contractual retention schedule:
- Anthropic: 7 days
- OpenAI: 30 days
- Google (Gemini): 55 days
Exception: If any of your content was flagged by a provider’s safety classifiers during use, the flagged data may be retained by that provider for up to 2 years for investigation purposes. This is governed by the provider’s policies and is outside Pressmark’s control.
Within 90 days
Backup copies of database data are purged through standard backup rotation. After this window, no copies of your data exist in any Pressmark-controlled system.
What We Cannot Delete
- Stripe billing records: Transaction records may be retained by Stripe for up to 7 years to comply with tax and financial record-keeping laws (CCPA §1798.105(d) legal obligation exception).
- Safety-flagged content: Content flagged by AI provider safety systems may be retained by the provider for investigation, as described above.
- Legal holds: If data is subject to a valid legal preservation order (such as litigation or regulatory investigation), deletion may be suspended until the hold is lifted. We will inform you if permitted by law.
Incident Response
Breach Detection and Response
We monitor our systems for unauthorized access and security anomalies. If we detect a data breach affecting your personal information:
- Within 72 hours of confirming a breach that poses a risk to your rights, we will notify the relevant supervisory authority (as required by GDPR Article 33).
- Within 45 days of confirmation (or sooner if the risk is high), we will notify affected individuals with a description of what happened, what data was involved, what we’re doing about it, and what you can do to protect yourself. This satisfies Michigan’s Identity Theft Protection Act notification requirements.
- If 1,000 or more Michigan residents are affected, we will also notify consumer reporting agencies.
Encryption Safe Harbor
If compromised data was encrypted and the encryption key was not acquired by the unauthorized party, notification may not be required under Michigan law. However, we will assess each incident individually and err on the side of transparency.
Security Framework
Our security practices are informed by the NIST Cybersecurity Framework 2.0. We maintain documented security procedures that identify risks, implement safeguards, and regularly assess their effectiveness.
Sub-Processor Data Storage
Your data is also stored (temporarily or persistently) by our sub-processors. For complete details on each provider, their data categories, retention periods, and DPA status, see our Sub-Processor List.
All sub-processors operate under written Data Processing Agreements that require them to process your data solely on our instructions, implement appropriate security measures, and delete your data upon termination of the agreement or upon our instruction.
Google Gemini API Safeguard
Pressmark exclusively uses the paid tier of the Google Gemini API. Google’s data handling protections — including the commitment not to use your data for model training — apply only to paid API usage. We maintain engineering controls that prevent API requests from being routed through unpaid quota, ensuring your data always receives paid-tier privacy protections.
Questions
If you have questions about how your data is stored, retained, or deleted, contact us at privacy@getpressmark.com.