Data Retention and Deletion Policy

Effective date: July 8, 2026

This Data Retention and Deletion Policy summarizes how InnovareAI retains and deletes personal information and customer data.

General retention principle

InnovareAI retains personal information only for as long as reasonably necessary to provide the Services, operate our business, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and preserve legitimate business records.

Customer service data

Customer-controlled service data is generally retained for the term of the customer relationship unless deleted earlier by the customer or as otherwise agreed.

Following termination or expiry of the Services, InnovareAI will delete or return Customer Personal Data according to the Data Processing Agreement. Unless otherwise agreed or legally required, this occurs within 30 days after termination or customer instruction.

Account data

Account data, including user profile information, workspace metadata, authentication data, settings, and role information, is retained while the account is active. Following account cancellation, this data is deleted within 30 days, except where a retained backup copy persists until it ages out of InnovareAI's ordinary backup retention cycle, or where retention is required by law.

Billing, tax, and accounting data

Billing, invoice, payment, tax, and accounting records may be retained for the period required by applicable law and legitimate business recordkeeping requirements.

Logs and security records

System logs, security logs, audit logs, error logs, and operational records may be retained for security, debugging, abuse prevention, compliance, and service reliability purposes.

Support and communications

Support tickets, emails, feedback, and related communications may be retained for support history, quality assurance, legal compliance, and business records.

Backups

Backup copies are deleted according to InnovareAI's ordinary backup retention cycle. Backup copies remain protected in accordance with applicable security controls and are not restored to production systems except where necessary for business continuity, security, or legal compliance.

Legal holds and exceptions

InnovareAI may retain information for longer where required by law, necessary to resolve disputes, enforce agreements, prevent fraud or abuse, comply with a legal hold, or protect legal rights.

Deletion requests

Individuals may request deletion of personal information by contacting privacy (at) innovareai (dot) com or dpo (at) innovareai (dot) com. Where InnovareAI processes data on behalf of a customer, we may refer the request to the customer or assist the customer in responding.