When you close your Leanpub account, we may be obliged to retain some data associated with the account.
Here's a brief explanation of the background to this policy:
In addition to regulations like the well-known GDPR, we are also obliged to comply with other sets of rules, like Anti-Money Laundering and Know Your Customer rules, just to pick a couple of serious examples (these are typically referred to as AML and KYC in the world of regulatory compliance).
This means that in some circumstances we have an obligation to keep some types of data. One example of these circumstances regards financial transactions, for example if you have bought something on Leanpub, or if you're an author and we've paid you some money. Another example would be suspicion of potential fraud, or of lawbreaking in general, like potential copyright violation.
If you're interested in how regulatory regimes talk about these circumstances, we've pasted below a screenshot from GDPR Article 6, which explicitly sets out the circumstances in which, under the GDPR, what they call a "controller" may retain personal data. Note in particular the language of 1 (c), on the subject of "compliance with a legal obligation to which the controller is subject", and the language of 1 (f), regarding "legitimate interests":