Data Retention Policy

Last updated: March 12, 2026

This policy describes how Hello Sales retains and deletes data associated with our certificate processing service.

Free Validator (No Account)

When you use our free certificate validator without creating an account:

  • Your uploaded certificate is sent to our OCR provider for processing and is not stored by Hello Sales after processing is complete.
  • Extracted field data and validation results are returned to your browser and are not saved on our servers.
  • No personally identifiable information from the certificate is retained.

Account Users

When you create an account and use Hello Sales to manage certificates:

Certificate files

  • Uploaded certificate files (PDFs, images) are stored securely for as long as your account is active.
  • Files are stored with encryption at rest on our hosting infrastructure.

Extracted data

  • Field values extracted from certificates (names, addresses, tax IDs, exemption types, etc.) are stored in our database and associated with your account.
  • Validation results and any edits you make to extracted values are retained with a full audit trail.

Account information

  • Your name, email address, and account settings are retained for as long as your account is active.

Data Deletion

Deleting individual certificates

You may delete individual certificates from your account at any time. Deleted certificates are soft-deleted (marked as removed) and permanently purged from our systems within 30 days.

Deleting your account

You may request deletion of your entire account by contacting us at privacy@hellosales.co. Upon account deletion:

  • All certificate files will be permanently deleted.
  • All extracted data and validation results will be deleted.
  • Your account information will be removed.
  • Deletion will be completed within 30 days of your request.

Backup and Recovery

Our database backups are retained for up to 30 days for disaster recovery purposes. Deleted data may persist in backups during this period but is not accessible through normal operations and will be removed as backups rotate.

Third-Party Data Retention

  • AWS Textract: Certificate files are sent to AWS Textract for OCR processing. AWS does not retain the content of processed documents after returning results, per their service terms.
  • Google Analytics: Analytics data is retained according to our Google Analytics configuration. This data is anonymized and does not include certificate content.

Legal Obligations

We may retain certain data beyond the periods described above if required by law, regulation, or legal proceedings. In such cases, data will be retained only for as long as necessary to comply with the applicable obligation.

Changes to This Policy

We may update this Data Retention Policy from time to time. Changes will be posted on this page with a revised "Last updated" date.

Contact Us

If you have questions about data retention or want to request data deletion, contact us at: privacy@hellosales.co