Cookie & Data Retention Policy
Effective date: 5 June 2025 | Version 1.0
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They allow the website to remember your session, preferences, and other information to improve your experience.
2. Cookies We Use
PS23 PA uses only the cookies necessary to operate the Service:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| sb-access-token | Essential | Supabase authentication — keeps you signed in | Session |
| sb-refresh-token | Essential | Supabase session refresh — maintains your login | 7 days |
| __vercel_toolbar | Functional | Vercel deployment toolbar (dev/staging only, not shown in production) | Session |
We do not use advertising cookies, third-party tracking cookies, or social media pixels.
3. Managing Cookies
Because the cookies we use are strictly necessary for authentication, the Service cannot function without them. You may disable cookies in your browser settings, but this will prevent you from signing in.
To delete your session cookies, sign out of PS23 PA — this clears your authentication tokens from your browser.
4. Local Storage
In addition to cookies, PS23 PA may use browser local storage to cache UI state (e.g. your last-selected document type or sidebar preference). This data is stored only on your device and is cleared when you clear your browser data.
5. Data Retention
The following retention periods apply to personal data we hold on our servers:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account profile (name, email, business) | Duration of account + 3 years after closure | Dispute resolution and legal compliance |
| Generated documents | Until deleted by user or account closure | User-controlled |
| Credit transaction records | 5 years from transaction date | Tax Act and accounting obligations |
| Usage logs (rate limiting) | 12 months | Fraud prevention and service improvement |
| Billing events (Paystack webhooks) | 5 years | Financial record-keeping |
| Server access logs | 90 days | Security incident investigation |
| Authentication logs | 90 days | Security monitoring |
| Terms acceptance records | Lifetime of account + 5 years | Legal proof of consent |
On expiry of the applicable retention period, data is permanently deleted or irreversibly anonymised so that it can no longer be associated with you.
6. Your Rights
You have the right under POPIA to request access to, correction of, or deletion of your personal data. See our Privacy Policy for full details on how to exercise these rights.
7. Changes to This Policy
We may update this policy when we change the cookies or data categories we process. We will notify you of material changes via the Service or by email.
8. Contact
PS23 Ventures (Pty) Ltd
Email: ps23support@gmail.com