This schedule summarises the default retention periods used by the application for operational and security-related data.
| Data | Default retention |
|---|---|
| Audit logs | 365 days |
| Magic-link tokens | 30 days after expiry/use |
| Magic-link send log | 90 days |
| Admin 2FA codes | 14 days after expiry/use |
| CSV preview tokens | 7 days after expiry/use |
| Draft autosaves | 30 days since last autosave |
| Captain submissions | Retained for league administration unless later anonymised or deleted under an approved process |
Where a data subject request is upheld, relevant captain contact data can be exported or anonymised through the league’s admin processes.