Data retention: how long should enquiry forms live in your inbox?
Short answer: Keep personal data only as long as you have a legitimate need—sales follow-up, legal record-keeping, or dispute resolution—and delete or anonymise the rest on a schedule.
Inboxes become accidental CRMs; that quietly expands privacy risk.
Retention thinking by channel
- Quote enquiries: align with your sales cycle plus a modest buffer; archive outcomes.
- Support email: longer may be justified—document why.
- Spam or junk leads: delete quickly; do not hoard “just in case”.
Operationalise deletion
Quarterly task: export closed deals to your CRM if needed, then purge stale threads containing phone numbers and addresses. Automate where form tools offer expiry.
Be honest in your privacy notice
If you say “12 months” for enquiries, your backups and inbox should not contradict that without explanation.
Frequently asked questions
Are backups exempt?
Backups lag reality—policies often describe eventual overwrite; discuss with advisers how you honour deletion across systems.
Should we keep IP addresses from analytics?
Many tools allow masking or aggregation—collect the minimum you actually use.