Data retention and deletion policy

Tailscale must retain certain kinds of data for a minimum amount of time, to comply with legal requirements. At the same time, Tailscale wants to avoid retaining any identifiable data for longer than is necessary, in case of a breach.

Scope

This policy applies to all data assets handled by Tailscale, including data from customers, potential customers, third parties, and employees.

Schedule

Tailscale should review the data it retains as part of reviewing its data register quarterly.

Retention period

Data should be retained for a set period of time, depending on the type of data:

Category Data Retention period
Corporate Charter and bylaws Indefinite
Shareholder records Indefinite
Board minutes Indefinite
Policies and procedures Indefinite
Contracts Indefinite
Financial Accounts payable/ receivable 7 years
Financial statements Indefinite
Sales records 7 years
Expense records 7 years
Payroll records 7 years
Insurance Insurance records Indefinite
Inventions Patents and patent applications Indefinite
Copyright and copyright applications Indefinite
Trademark and trademark applications Indefinite
Licenses Indefinite
Employee Personnel files Indefinite
Compensation information Indefinite
Benefit plans Indefinite
Customer Contracts Indefinite*
Payment and billing information 7 years*
Usage logging and analytics 5 years*
Support communications 5 years*

*In response to a customer request and in compliance with legal requirements, Tailscale may also delete customer data prior to the end of the retention period.

Where not specified, customer data should be retained no longer than is needed to provide the service, and anonymized or deleted afterwards.

Privacy Policy

Tailscale must delete customer data in accordance with the commitments, if any, made in Tailscale’s Privacy Policy. If the privacy policy is updated, the above retention periods should also be updated to reflect any changes.

Deletion method

Data may be destroyed by overwriting on disk, deleting a cloud resource, encrypting and destroying the key, resetting a device, and/or physical destruction.