Data governance

Data retention and deletion

Retention, archival, deletion, and audit-preservation process for buyer, seller, execution, support, billing, and trust evidence.

Account and organization records

Retained while active, archived on deletion request, deleted or anonymized after legal holds clear.

Retained for tax, audit, dispute, and fraud windows; never deleted before required financial retention ends.

Retained for buyer audit and security investigation windows, then expired by S3 lifecycle policy.

Retained with the version record while the listing is active or discoverable.

Retained until resolution plus the dispute window, with audit evidence preserved for repeat-abuse detection.

Aggregated for product metrics; raw event payloads should be minimized and expired once operational reporting is complete.

Verify requester identity and organization authority.
Export account, billing, support, execution, and marketplace records needed for disclosure.
Classify records as delete, anonymize, archive, or retain for legal, billing, audit, or security obligations.
Revoke active sessions, repository connections, execution credentials, and optional analytics consent.
Record the deletion decision, retained categories, completion date, and reviewer in audit logs.