How long you retain visitor intelligence data is a compliance decision that affects your risk profile, your storage costs, and your ability to demonstrate regulatory compliance. This lesson covers how to set a defensible policy.
GDPR requires that personal data be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed" (Article 5(1)(e) — the storage limitation principle). Even where visitor intelligence data is primarily company-level, applying this principle to all visitor data is best practice.
For most B2B companies, a 12-month retention period for raw visit session data is defensible and practical. The business case: a company that visited 12 months ago and hasn't been contacted is unlikely to be a current opportunity; the data's commercial value has expired. Longer than 24 months is difficult to justify under storage limitation principles.
For company-level records (firmographic data, not raw session logs), longer retention (3–5 years) can be justified for CRM-integrated records under the legitimate interest of maintaining business relationships.
In Kopimore account settings, you can set an automatic data retention period. Visit data older than this threshold is automatically deleted from Kopimore's servers. Configure this to match your documented retention policy — the two documents should be consistent.
Once Kopimore data has been synced to your CRM, the retention period of the CRM record is governed by your CRM data retention policy — not Kopimore's. Ensure your CRM policies are also documented and consistently applied.