Data Deletion Policy

Data Deletion Policy — Rafflery.io

Effective date: 01 January 2026 Last updated: 11 December 2025

1. Overview

This policy covers how Rafflery handles requests to delete personal data — who can ask, what gets deleted, what we’re required to keep, and how the process works. If you want to understand the broader context for why we hold data in the first place, the Privacy Policy is the right starting point.

2. Who Can Request Deletion

Campaign Organisers can close their account and request deletion of associated data at any time, either through the account settings or by emailing [email protected] from their registered address.

Campaign Participants can request deletion of their entry data by emailing [email protected] with their email address (or Facebook account details used to enter) and the name of the campaign they entered. Alternatively, any entry confirmation email we send will include a data deletion link.

3. What Actually Gets Deleted

When an Organiser Closes Their Account

Within 30 days of account closure, we’ll delete the account profile and credentials, all campaign configurations (active and archived), integration access, and associated session and log data.

What we can’t delete immediately: billing and transaction records stay for 7 years because that’s a tax and legal compliance requirement. Fraud and abuse records may be held for up to 36 months. Anything under an active legal hold stays until that hold is lifted.

When a Participant Requests Erasure

Within 30 days of verifying the request, we’ll delete the participant’s entry records and email address from our systems and notify the Campaign Organiser so they can remove the data from their own email platform or CRM.

One thing to be clear about: Rafflery can only delete what’s in our systems. If a Campaign Organiser has already exported your data to their own tools — a Mailchimp list, a CRM, a spreadsheet — we can’t reach in and delete it there. You’d need to contact the organiser directly to request that.

Scheduled Deletion

Rafflery also runs automatic deletion on a monthly cycle for data that’s aged past its retention period. This runs without any request from users.

4. Facebook Login Data

If you entered a campaign via Facebook Login, we hold your public Facebook name and Facebook User ID. That data is subject to the same deletion process as email-based entries.

Rafflery also complies with Meta’s Data Deletion Request requirements. If you remove Rafflery from your Facebook app connections, Meta will send us an automated deletion request via our callback endpoint, which we process within 72 hours.

Facebook Data Deletion Callback URL: https://rafflery.io/legal/facebook-data-deletion

5. How Long It Takes

Request type	Timeframe
Account closure and deletion	Within 30 days of verified request
Participant erasure request	Within 30 days of verified request
Facebook automated callback	Within 72 hours
Scheduled automatic deletion	Monthly

Complex requests, or cases where we need extra time to verify identity, may take up to 90 days total. If that happens, we’ll let you know within the first 30 days.

6. Identity Verification

We verify every deletion request before we act on it. For most requests, that means confirming you have access to the email address or Facebook account the data is associated with. We won’t process a request we can’t verify — that’s to protect people from having their data deleted by someone else.

7. Confirmation

Once a deletion is complete, you’ll get a confirmation email stating what was deleted and, where anything was retained, the legal basis for keeping it.

8. Contact

Email: [email protected] Subject: Data Deletion Request