LEGAL-38Awaiting deciderpolicy
Keep PII in analytics export for 90 days?
Marketing wants 90 days of raw event data. Our DPA today caps PII retention at 30 days. Analytics team is fine with hashed user IDs.
Decider
@elena · legal
due 2d
55%
Drafted memo
Hashing user IDs preserves cohort analysis and stays within the 30-day DPA window.
Keeping raw 90-day PII would require a DPA amendment with three of our enterprise customers.
Recommendation: hash + 30 days. Marketing keeps cohort analysis without renegotiating contracts.
Options
Hash + 30d retention
No DPA renegotiation; covers 95% of analytics needs
cost: 1 day to add hashing in the export pipeline
Keep 90d with DPA in force
Marketing keeps full event history
cost: DPA amendment with 3 enterprise customers (~3w legal cycle)
Drop PII entirely
Strongest privacy posture
cost: Marketing loses cohort analysis
When you ship Cloud, deciders pick from Slack or here. The decision is committed back as a memo under .crastinating/decisions/.