Data Retention and Deletion Policy

Last Updated: July 30, 2025

This Data Retention and Deletion Policy explains how EternaVaultX retains, stores, and deletes user data in compliance with applicable laws and best practices.

1. Overview

EternaVaultX is committed to responsible data management. We retain data only as long as necessary for legitimate business purposes, legal compliance, and service provision. This policy outlines our retention practices and your rights regarding data deletion.

2. Data Categories and Retention Periods

Time-Locked Files

  • Retained securely until the specified unlock date and time
  • Delivered to users automatically upon expiration
  • Permanently deleted from our servers within 48 hours after successful delivery
  • Backup copies are securely overwritten within 30 days

Account Information

  • Personal details: Retained while account is active plus 90 days after closure
  • Login credentials: Immediately invalidated upon account deletion
  • Profile settings: Deleted within 30 days of account closure
  • Communication preferences: Retained until user opts out or account deletion

Transaction and Billing Records

  • Payment records: Retained for 7 years for tax and audit compliance
  • Subscription history: Retained for 3 years after account closure
  • Refund records: Retained for 7 years for financial compliance
  • Invoice data: Retained according to local tax law requirements

Technical and Log Data

  • Access logs: Retained for 90 days for security monitoring
  • Error logs: Retained for 6 months for troubleshooting
  • Usage analytics: Anonymized after 12 months
  • Security incident logs: Retained for 2 years for compliance

Communication Records

  • Support tickets: Retained for 2 years after resolution
  • Email communications: Retained for 1 year unless deleted by user
  • Chat logs: Retained for 6 months for quality assurance
  • Marketing communications: Retained until user unsubscribes

3. Inactive Account Management

Automatic Deletion

  • Accounts with no active subscription and no scheduled files are deleted after 6 months of inactivity
  • Users receive email warnings at 4 months and 5.5 months of inactivity
  • Final deletion notice sent 7 days before automatic deletion

Grace Period

  • 30-day grace period after initial deletion notice
  • Account can be reactivated by logging in during grace period
  • All data permanently deleted after grace period expires

4. User-Initiated Data Deletion

Account Deletion Rights

  • Users may request account deletion at any time
  • Most personal data deleted within 30 days of request
  • Some data may be retained for legal compliance purposes
  • Active time-locked files cannot be deleted before unlock date

Selective Data Deletion

  • Users can delete individual files before time-lock activation
  • Profile information can be updated or removed
  • Communication preferences can be modified
  • Historical data can be requested for deletion subject to legal requirements

Data Portability

  • Users can request copies of their personal data
  • Data provided in machine-readable format
  • Available files include profile data, file metadata, and transaction history
  • Requests processed within 30 days

5. Automatic Data Cleanup

  • Temporary files: Deleted within 24 hours of creation
  • Failed uploads: Immediately deleted upon failure
  • Session data: Cleared after 30 days of inactivity
  • Email verification tokens: Expire and are deleted after 48 hours
  • Password reset tokens: Expire after 1 hour
  • Cache data: Automatically purged every 7 days

6. Data Security During Retention

All retained data is protected through:

  • Encryption: AES-256 encryption for data at rest and in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: Continuous monitoring for unauthorized access
  • Audit Trails: Complete logs of data access and modifications
  • Backup Security: Encrypted backups with separate access controls
  • Physical Security: Secure data centers with environmental controls

7. Legal and Compliance Retention

Certain data may be retained beyond standard periods for:

  • Legal obligations: As required by applicable laws and regulations
  • Dispute resolution: Until legal proceedings are concluded
  • Regulatory compliance: Financial and tax record requirements
  • Law enforcement: When subject to valid legal requests
  • Safety and security: For preventing fraud and abuse

8. Data Deletion Process

Secure Deletion Methods

  • Multi-pass overwriting of deleted data
  • Cryptographic key destruction for encrypted data
  • Physical destruction of storage media when decommissioned
  • Verification of successful deletion through audit processes

Deletion Verification

  • Users receive confirmation upon successful data deletion
  • Internal audit trails maintain records of deletion activities
  • Compliance reports generated for regulatory requirements

9. Updates to This Policy

We may update this Data Retention and Deletion Policy to reflect changes in our practices, technology, or legal requirements. We will:

  • Notify users of material changes via email or website notice
  • Provide 30 days' notice before implementing significant changes
  • Update the "Last Updated" date at the top of this policy
  • Maintain archived versions of previous policies for reference

10. Contact Information

For questions about data retention, deletion requests, or this policy, contact us: