Select Page

Data Retention Policy

  1. Home
  2. About Us
  3. Privacy Policy
  4. Data Retention Policy

Modern Postcard and Modern iO Data Retention Policy

Last updated: 6/03/2026

Modern Postcard, Modern iO, and their affiliated businesses retain personal information only for as long as reasonably necessary and proportionate to achieve the purposes for which it was collected, processed, or retained, or for another compatible disclosed purpose.

This Policy is intended to describe Modern Postcard’s data retention practices and support transparency under applicable privacy laws, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, collectively referred to as CCPA/CPRA, where applicable.

We apply principles of data minimization and purpose limitation when determining how long information should be retained. Personal information collected for one purpose is not processed for incompatible purposes without appropriate notice or consent where required by law.

Retention periods and retention criteria are disclosed below to help explain how we manage information throughout its lifecycle.

Consumer Rights Granted Under CCPA/CPRA

The following rights may be available to California consumers and certain other U.S. residents under applicable law:

  • Right to know the categories and specific pieces of personal information collected and the purposes for which they are used.
  • Right to access and, where applicable, correct inaccurate personal information.
  • Right to delete personal information, subject to legal exceptions.
  • Right to opt out of the sale or sharing of personal information.
  • Right to limit the use and disclosure of sensitive personal information where applicable.
  • Right to equal treatment and non-discrimination for exercising privacy rights.

Consumers may exercise applicable privacy rights using the methods provided in the Modern Postcard Privacy Policy.

Purposes for Data Retention

Modern Postcard retains personal information when reasonably necessary for business, operational, legal, security, and compliance purposes, including:

  • Providing products and services to customers.
  • Processing and fulfilling orders, transactions, direct mail campaigns, and related services.
  • Maintaining customer accounts, service records, job history, and customer support records.
  • Supporting job restoration, creative file retrieval, historical job references, and production continuity.
  • Sending newsletters, publications, order updates, service communications, or program updates where permitted.
  • Complying with applicable laws and regulations, including financial, tax, accounting, postal, labor, employment, and reporting obligations.
  • Protecting against security incidents, fraud, unauthorized activity, or misuse of systems.
  • Supporting internal investigations, audits, reporting, and compliance reviews.
  • Preserving intellectual property rights, contractual records, and business records.
  • Defending, pursuing, or preserving legal claims, litigation holds, or dispute records.
  • Supporting Modern iO services, including direct mail retargeting, audience matching, campaign measurement, attribution, suppression, reporting, and related business operations.

These purposes are limited to what we believe is reasonably necessary and proportionate based on the type of information, the nature of the service, the relationship with the customer or client, and applicable legal or business requirements.

Information Modern Postcard Collects

Modern Postcard may collect personal information directly from consumers, customers, clients, prospects, job applicants, and other individuals when they create an account, complete online forms, place orders, request information, participate in surveys, use our services, contact us by chat, phone, email, or other communication channels, or interact with our websites.

The categories of information may include:

  • Identifiers, such as real name, postal address, IP address, email address, or other similar identifiers.
  • Categories of personal information described in California Civil Code § 1798.80(e), such as name, address, telephone number, employment information, credit or debit card numbers, or other financial information.
  • Commercial information, such as products or services purchased, obtained, or considered, and purchasing or consuming histories or tendencies.
  • Internet or other electronic network activity information, such as browsing history, search history, and interactions with our websites, applications, emails, advertisements, or services.
  • Employment-related information.
  • Certain account-related credentials or security information may be retained only as needed for account security, fraud prevention, system protection, legal compliance, or other purposes permitted by applicable law.
  • Inferences drawn from the above categories.

For complete details regarding how we collect, use, disclose, share, and otherwise process personal information, please refer to our Privacy Policy at:

https://www.modernpostcard.com/about/privacy-policy

Depending on applicable law and the specific technology or service involved, certain data disclosures related to analytics, advertising, website technologies, Modern iO services, or service providers may be considered “sharing” under California privacy laws.

Modern Postcard and its subsidiaries do not collect consumer medical information.

Information We Automatically Collect

As with many website operators, we automatically collect information that your browser sends when you visit our sites or interact with our online services. This may include information collected through cookies, pixels, tags, analytics tools, and similar technologies.

For full details, please see our Privacy Policy at:

https://www.modernpostcard.com/about/privacy-policy

Data Retention Periods and Criteria

The following retention periods have been determined to be reasonably necessary for the disclosed purposes. Where a specific period is not feasible, we apply the criteria listed in our Privacy Policy, including the nature and length of the relationship with the consumer, the type of products or services provided, mandatory legal retention periods, applicable statutes of limitation, operational requirements, and the impact on service delivery.

We periodically review and update these periods to ensure ongoing alignment with business needs, privacy requirements, and data minimization principles.

Consumers may submit a verifiable request to delete their personal information at any time. We will honor such requests unless retention is required or permitted by law, contractual obligations, operational requirements, legal exceptions, or applicable CCPA/CPRA exemptions.

Consumer Contact Data

Consumer Contact Data, such as identifiers and contact information, is retained for up to ten (10) years after the last interaction or account activity.

This standard period is justified by ongoing service needs, legal and financial compliance, reporting obligations, customer support, account history, and business continuity. Shorter retention may be accommodated through a valid deletion request, subject to applicable exceptions.

Mailing List Data

Mailing List Data, such as marketing, subscription, campaign, and mailing-related information, is retained for up to ten (10) years after the last engagement, campaign activity, or opt-out.

This standard period is justified by service delivery, re-engagement where permitted, suppression management, campaign history, reporting, compliance, and business continuity. Shorter retention may be accommodated through a valid deletion request, subject to applicable exceptions.

Creative Files Data

Creative Files Data, such as design files, artwork, job archives, production files, and related project materials, is retained for up to ten (10) years after project completion or last use.

This standard period is justified by customer service needs, job restoration requests, intellectual property preservation, contractual obligations, historical job reference, production support, and business continuity. Longer retention may apply where required or permitted for legal protection, operational needs, customer support, or archive continuity.

Modern iO Address Data

Modern iO Address Data, such as identifiers and contact mailing information, is retained for up to three (3) years after the last interaction, campaign activity, or account activity.

This standard period is justified by ongoing service needs, legal and financial compliance, reporting obligations, suppression, attribution, campaign history, and related business operations. Shorter retention may be accommodated through a valid deletion request, subject to applicable exceptions.

Modern iO Service Records

Client-provided campaign data, suppression files, website activity data, match-related data, reporting data, and other Modern iO service records may be retained for the period reasonably necessary to provide the requested services, support campaign performance, maintain records, comply with applicable obligations, or fulfill the purposes described in this Policy, the Modern Postcard Privacy Policy, and the Modern iO Privacy Policy.

Deletion, De-Identification, and Exceptions

Upon expiration of the applicable retention period or receipt of a valid deletion request, personal information is securely deleted, anonymized, or de-identified unless retention is required or permitted by law, contractual obligations, operational requirements, legal exceptions, or applicable CCPA/CPRA exemptions.

We may retain certain records where necessary to:

  • Complete transactions or provide requested services.
  • Comply with legal, regulatory, tax, accounting, postal, or contractual obligations.
  • Maintain security, prevent fraud, or investigate unauthorized activity.
  • Preserve records for audits, reporting, disputes, or legal claims.
  • Maintain suppression records or opt-out records where needed to honor privacy choices.
  • Support business continuity, disaster recovery, or archival integrity.

We maintain records of consumer requests for at least 24 months or as otherwise required by applicable law.

Data Sharing with Partners and Service Providers

Modern Postcard may disclose certain personal information to trusted partners, contractors, service providers, and technology providers that assist us in delivering and improving our services. These may include providers that support order fulfillment, payment processing, marketing communications, technical support, data analytics, printing, mailing, campaign reporting, cloud hosting, security monitoring, Modern iO services, and related business operations.

Such disclosures occur only to the extent reasonably necessary to fulfill the specific business purposes authorized by us and disclosed to consumers or clients.

These partners and service providers are expected to:

  • Process personal information only for authorized business purposes and in accordance with applicable agreements.
  • Implement and maintain appropriate technical and organizational security measures.
  • Support data minimization, purpose limitation, and retention practices aligned with applicable law and the services provided.
  • Delete, return, anonymize, or de-identify personal information upon completion of services or upon instruction, unless longer retention is required or permitted by law, contractual obligations, operational needs, or applicable legal exceptions.

Service providers are not authorized to use personal information for unrelated independent purposes. For additional details regarding how we disclose, share, or otherwise process personal information, please refer to our Privacy Policy at:

https://www.modernpostcard.com/about/privacy-policy

Policy Review

This Policy is reviewed regularly to maintain alignment with applicable privacy obligations, business practices, operational needs, and data minimization principles.

For any questions or to exercise applicable privacy rights, please contact us using the methods provided in the Modern Postcard Privacy Policy.