Your right to deletion: You can delete your account and all associated data at any time from within the Mail-Organiser task pane (Settings → Delete My Account). Account deletion is processed within 30 days.
BakersGuild Limited applies the UK GDPR storage limitation principle (Article 5(1)(e)) to all personal data we hold. We retain data for no longer than is necessary for the purposes for which it is processed, and delete or anonymise it thereafter.
This policy sets out specific retention periods for each category of data we hold. These periods reflect a balance between:
| Data Category | Retention Period | Legal Basis | Deletion Method |
|---|---|---|---|
| Account profile (name, email, Microsoft ID) | Duration of account + 30 days after deletion request | Contract performance; legitimate interests | Hard deletion from D1 database |
| Microsoft OAuth access tokens | 24 hours (token lifetime) or account deletion | Contract performance | Automatic expiry; immediate deletion on sign-out |
| Email metadata (sender, subject, classification) | 12 months from scan date | Legitimate interests (service functionality) | Automated scheduled deletion |
| Inbox Score history | 12 months rolling | Contract performance (Pro+ feature) | Automated scheduled deletion |
| Billing and payment records | 7 years from transaction date | Legal obligation (HMRC, Companies Act) | Retained by Stripe; financial records anonymised by us |
| Support correspondence | 3 years from resolution | Legitimate interests (dispute resolution) | Deletion from support systems |
| Security and access logs | 90 days | Legitimate interests (security monitoring) | Automated rolling deletion |
| Anonymised usage analytics | Indefinitely (no personal data) | Legitimate interests (product improvement) | Not applicable — anonymised data retained |
| Sentinel detection logs | 90 days | Legitimate interests (security) | Automated rolling deletion |
| Chat session transcripts (MO Chat) | 30 days from session | Contract performance; service improvement | Automated scheduled deletion |
Mail-Organiser never stores email body content. Our API architecture requests only email metadata from the Microsoft Graph API, so email content cannot be retained because it is never accessed. This is the most significant data minimisation measure we implement.
You can request deletion of your account in two ways:
When you delete your account:
Certain records cannot be deleted due to legal obligations:
You have the right to receive a copy of your personal data in a portable format before deletion. To exercise this right, email privacy@mail-organiser.com. We will provide your data within 30 days in JSON format, including:
Deleting your Mail-Organiser account does not affect data held by Microsoft in your Outlook account. Your emails and Outlook folders are managed entirely by Microsoft. To remove Mail-Organiser's access to your Microsoft account, revoke the app's permissions through your Microsoft Account security settings at account.microsoft.com/privacy.
The folders created by Mail-Organiser in your Outlook (e.g., "Mail-Organiser / Banking") remain in your Outlook after account deletion. You can delete them manually in Outlook at any time.
We will notify users of changes to retention periods via email. If we increase a retention period, existing data will not be affected retrospectively — the new period applies only to data collected after the effective date of the change.
Data protection and deletion requests: privacy@mail-organiser.com