Data Retention Policy
Last Updated: March 10, 2026
Quick Summary (please read the full Data Retention Policy below)
- Why We Retain Data Long-Term: Estate planning documents may be needed decades after creation — at incapacity, death, or during probate. We retain data to ensure you (or your authorized representatives) can recover documents when they matter most.
- Active Systems: Your data is available in active systems for the duration of your account. Upon a valid deletion request, data is removed from active systems within 30 days.
- Backup Archives: Backup archives are retained for up to 5 years and then automatically deleted. Individual records cannot be selectively deleted from backups without compromising archive integrity.
- Deletion Requests: You may request deletion of your data from active systems at any time. Backup archives cannot be selectively deleted due to technical limitations, but are automatically removed through routine backup rotation within 5 years.
- Backup Restore: If we restore a backup to recover from a disaster, any data that was previously deleted at your request will be identified and re-deleted as part of the restore process, before restored data is made available to users.
1. Introduction
This Data Retention Policy explains how Sunset Life LLC (“we,” “us,” or “our”) retains your personal information in connection with the Plan Your Sunset platform and related services (the “Services,” as defined in our Terms of Service). This policy supplements our Privacy Policy.
2. Why We Retain Data Long-Term
Estate planning is inherently long-term. Documents such as wills, powers of attorney, and healthcare directives may not be needed until years or decades after they are created — often at a time when the document creator is incapacitated or has passed away. Premature deletion of estate planning data could result in the permanent loss of critical legal documents that beneficiaries, executors, or healthcare agents depend on.
For these reasons, we maintain extended data retention periods that significantly exceed typical consumer software practices.
3. Retention Periods
A. Active System Data
| Data Type | Retention Period |
|---|---|
| Account information (name, email, credentials) | Duration of active account |
| Estate planning documents and form data | Duration of active account |
| Third-party data (beneficiaries, executors, etc.) | Duration of active account |
| AI interaction logs (Larry conversations) | Duration of active account |
| Payment and billing records | Duration of active account + as required by law |
Upon a valid deletion request, your data is removed from active systems within 30 days.
B. Backup Archives
All data stored in active systems is periodically copied to encrypted backup archives for disaster recovery and long-term document preservation.
| Data Type | Backup Retention Period |
|---|---|
| All account and document data | Up to 5 years |
| AI interaction logs (Larry conversations) | Up to 5 years |
Backup archives are complete snapshots of our database infrastructure. Because individual records cannot be selectively removed from these snapshots without compromising archive integrity (see Section 4), all data types — including estate planning documents, account information, and AI interaction logs — are retained in backup archives for the same period. Backups older than 5 years are automatically deleted through our S3 lifecycle policy.
Vault data stored in backup archives remains protected by zero-knowledge encryption. We do not hold decryption keys, and this data cannot be accessed or read even if backup archives are restored.
Backup archives are encrypted and stored in secure, geographically distributed locations. Access to backup archives is strictly limited to authorized personnel for disaster recovery purposes only.
If we restore a backup to recover from a disaster, any data that was previously deleted at your request will be identified and re-deleted as part of the restore process, before restored data is made available to users.
C. AI Provider Data
Our AI Providers (OpenAI, Anthropic, OpenRouter, and others) may temporarily retain API inputs for limited periods for abuse monitoring and safety purposes. Specific retention periods vary by provider. Under our current API agreements: OpenAI retains data for up to 30 days; Anthropic retains data for up to 30 days; OpenRouter retention depends on the underlying model provider. We do not control AI Provider retention practices beyond our contractual agreements, and these periods may change. Please refer to each provider’s privacy policy for current details. See also Section 4 of our Privacy Policy.
4. Why Backup Data Cannot Be Selectively Deleted
Our backup archives use encrypted, immutable storage designed for disaster recovery. These archives are complete snapshots of our entire database — not individual user records. Individual record deletion would require decrypting, reconstructing, modifying, re-encrypting, and re-validating the entire archive — a process that would:
- Compromise the cryptographic integrity of the archive.
- Risk corruption of other users’ data stored in the same backup sets.
- Create extended periods during which data is unprotected during reconstruction.
- Undermine the reliability of our disaster recovery capabilities.
Additionally, any data stored in your personal Vault remains protected by zero-knowledge encryption within backup archives. Due to our zero-knowledge architecture, we do not have the technical ability to access or decrypt the contents of your Vault. This means we cannot produce Vault contents for any purpose, including in response to valid legal process. We will comply with all valid legal requests to the fullest extent technically possible, including by providing any non-encrypted metadata in our possession.
For these reasons, individual deletion requests are applied to active systems only. Backup archives are automatically deleted after 5 years through routine rotation. If a backup is restored, previously deleted data will be identified and re-deleted before restored data is made available to users.
5. Deletion Requests
A. Active System Deletion
You may request deletion of your data from active systems at any time by emailing [email protected]. Upon receiving a valid request, we will:
- Remove your data from active systems within 30 days.
- Confirm deletion by email.
- Note that backup archives will persist as described in Section 3B.
B. Backup Archive Deletion
Due to the technical limitations described in Section 4, individual records cannot be selectively deleted from backup archives. Backup data will be removed when:
- The relevant backup archive reaches its 5-year retention limit and is automatically deleted.
- Applicable law specifically mandates deletion from backup systems.
If a backup is restored to production after a disaster, any data that was previously deleted at your request will be identified and re-deleted as part of the restore process, before restored data is made available to users.
If you have questions about backup data, contact us at [email protected].
6. Account Inactivity
If your account is inactive for an extended period, we will not automatically delete your data. Estate planning documents may be needed long after the last account login. Your data remains available in both active systems and backup archives regardless of account activity.
However, certain features — including vault storage capacity and file type support — are subject to your active subscription plan. If your subscription expires or is not renewed, free-tier storage limits will apply to new uploads, though existing files will remain accessible.
We may attempt to contact you periodically to confirm your account status, but inactivity alone is not grounds for data deletion.
7. Data Portability
Before requesting deletion, you may export your data at any time through your account settings or by contacting us at [email protected]. We recommend downloading a copy of your documents before requesting account deletion.
8. Data Minimization
We collect and retain only the data necessary to provide our Services and fulfill the purposes described in this policy. We periodically review our data retention practices to ensure they remain proportionate and necessary. Data that is no longer needed for its stated purpose will be securely deleted or anonymized.
9. Changes to This Policy
We may update this Data Retention Policy from time to time. We will post the updated policy on our website with a revised “Last Updated” date. Your continued use of our Services after an updated policy is posted constitutes your acceptance of the changes.
10. Contact Us
Sunset Life LLC New York, NY, US
Email: [email protected]
Phone: +1 (646) 374-8826
Website: https://planyoursunset.com
Ready to Plan Your Sunset?
Start securing your legacy today with our simple estate planning platform. Complete legally valid documents in minutes.
Get Started Free