Data Retention & Deletion Policy
Effective date: [EFFECTIVE DATE] Last updated: [EFFECTIVE DATE]
This policy describes how long the Social application (the "Service") operated by [COMPANY NAME] ("[COMPANY SHORT]") keeps personal data and how it is deleted. It supplements the Privacy Policy.
1. Principles
We keep personal data only as long as necessary for the purposes it was collected, to provide the Service, to comply with legal obligations, to resolve disputes, and to enforce our agreements. When data is no longer needed, we delete or anonymize it.
2. Retention schedule
Adjust these periods to your actual operations and legal advice.
| Data | Retention | Notes |
|---|---|---|
| Account data (email, hashed password, auth provider) | Life of account + up to [30] days after deletion | Removed on account deletion, subject to backups |
| Settings / profile / self-portrait | Life of account | Deletable in-app |
| Conversation content (audio, transcripts, narratives, context) | Until you delete it or your account; otherwise life of account | Deletable per session in-app |
| AI outputs (scores, coach take, moments, replays) | Tied to the parent conversation | Deleted when the conversation is deleted |
| Speakers/contacts (incl. photos) | Life of account | Deletable in-app |
| Coach chat messages | Until cleared by you or account deletion | "Clear history" available in-app |
| Followups / commitments | Life of account | Deletable in-app |
| Briefings | Rolling; up to [12] months | Cached per day |
| Usage / entitlement records | Life of account + up to [24] months | For abuse/fraud and accounting |
| Billing records (Stripe metadata, invoices) | Up to [7] years | Tax/accounting/legal obligations |
| Magic-link tokens | 1 hour (expiry) | Auto-expire; periodic cleanup |
| Server/access logs | Up to [90] days | Security and debugging |
| Backups | Up to [30–90] days rolling | Overwritten on cycle |
3. Account deletion
You may request deletion of your account by emailing [PRIVACY EMAIL] (or via an in-app deletion control once implemented). Upon a verified request we will, within [30] days:
- Delete or anonymize your account, settings, conversations, AI outputs, speakers, chat
history, followups, and commitments;
- Instruct sub-processors to delete relevant data per our agreements;
- Retain only what we are legally required or permitted to keep (e.g., billing records,
fraud-prevention data), in which case it is isolated and protected until its retention period ends.
Residual copies may persist in encrypted backups until they are cycled out.
4. Self-service deletion
The Service lets you delete individual conversations at any time (see DELETE /api/conversations/[id]) and clear coach chat history (DELETE /api/chat). Deleting a conversation removes its associated AI outputs.
5. Third parties in your content
If a third party appearing in your content makes a verified deletion request, we may delete the relevant content to comply with law (see the Data Rights Addendum).
6. Changes
We may update this policy as our practices or legal obligations change.
Contact: [COMPANY NAME] · Privacy: [PRIVACY EMAIL]