[tomxor]

You are absolutely correct, this is essentially for meeting GDPR requirements and Switzerland (as far as I can tell) is under the same legal requirements in that regard despite not being in the EEA.

The problem is our customers are not end-users, they have their own policies and a significant number of them have a much more rigid interpretation of GDPR data storage rules which we've been forced to integrate into our own. This is one of the many problems of overreach due to the fear that GDPR creates IMO.