Data Deletion Policy

Your right to delete your data is fundamental. This policy explains exactly how account deletion, workspace deletion, and GDPR erasure requests work — step by step.

Version 1.0Effective March 30, 2026GDPR Article 17

Overview

This policy defines the procedures for permanently deleting personal data and business data from the COVIS AI platform. It covers individual account deletion, full workspace deletion, and formal GDPR erasure requests.

This policy is incorporated by reference into our Privacy Policy and Terms of Service.

Important: Deletion is permanent and irreversible after the grace period. All data exports must be requested before deletion is finalized on Day 31.

Account Deletion Flow (Individual User)

1

Initiation

  • Navigate to: Account Settings → Privacy → Delete My Account
  • A confirmation modal is displayed with a 30-day grace period warning
  • You must type your registered email address to confirm the request
2

Immediate Actions (at time of request)

  • All active sessions revoked — you are logged out of all devices
  • Login is disabled immediately
  • You are removed from all workspace member lists
  • Your name is replaced with "Deleted User" in all shared records (comments, logs, assignments)
  • A deletion confirmation email is sent to your registered address
3

30-Day Grace Period

  • All data is fully preserved during this window
  • You can cancel deletion by logging back in within 30 days
  • A reminder email is sent at day 25 warning that deletion is imminent
  • A data export is available during this window
4

Hard Deletion (Day 31)

  • All eligible data is permanently and irreversibly purged
  • A final deletion certificate email is sent with details of what was deleted and what was retained

What Happens to Your Data on Day 31

DataAction
Profile data (name, email, photo, preferences)Permanently deleted
Chat history and AI outputsPermanently deleted
Uploaded files and documentsPermanently deleted
Knowledge base contributionsPermanently deleted
LinkedIn profile importsPermanently deleted
Call log entriesPermanently deleted
API keysRevoked and purged
Session historyPurged
Personal usage logsPurged
Billing and invoice recordsRETAINED — 7-year legal requirement
Audit log entriesRETAINED but anonymized (name/email replaced with anonymous ID)

Workspace / Tenant Deletion Flow

Warning: Workspace deletion affects all users in the workspace. All team members, professionals, clients, their data, agents, and configurations will be permanently deleted. This action cannot be undone after the 30-day grace period.
1

Pre-Deletion Checklist

  • Active subscription will be cancelled (effective end of billing period)
  • All workspace users will lose access immediately
  • All chat history, files, agent configurations, and content will be permanently deleted
  • Invoices and billing records are retained for 7 years (legal requirement)
  • Audit logs are retained for 24 months in anonymized form
2

Confirmation

  • The Company Admin must type the exact workspace/company name to proceed
  • A second confirmation is required acknowledging that this affects all users
3

Immediate Actions

  • All workspace users are logged out of all devices
  • All new logins to the workspace are blocked
  • Subscription is cancelled (no refund for the current billing period)
  • All API keys and integrations are deactivated
  • Workspace is marked as 'pending deletion' in the system
4

30-Day Grace Period

  • All data is preserved for potential recovery
  • Only the Company Admin can request cancellation (via email to support@covis.ai)
  • A read-only data export is available during this window
  • A reminder email is sent at day 25
5

Hard Deletion (Day 31)

  • All workspace user accounts and profiles permanently deleted
  • All chat history, AI outputs, and agent configurations permanently deleted
  • All uploaded files, documents, and knowledge base entries permanently deleted
  • All LinkedIn profile imports permanently deleted
  • Domain/subdomain association removed
  • Storage quota freed and released back to infrastructure
  • A final deletion certificate is emailed to the Company Admin

What Is Retained After Workspace Deletion

DataRetention
Billing and invoice recordsRETAINED — 7 years (legal requirement)
Audit logsRETAINED — 24 months, then purged
Fraud / security investigation recordsRETAINED — per legal hold schedule

Right to Erasure (GDPR Article 17)

4.1 Submitting an Erasure Request

Requests may be submitted via:

  • Account Settings → Privacy → Request Data Deletion (authenticated users)
  • Email: privacy@covis.ai — include your registered email and full name

4.2 Processing Timeline

MilestoneTimeframe
Automated acknowledgement email (with ticket number)Within 24 hours
Identity verification completedWithin 48 hours
Legal hold check (fraud, disputes, court orders)Within 48 hours
Full erasure completedWithin 30 days
Completion certificate issuedAt time of erasure

4.3 What Cannot Be Erased (Legal Exceptions)

The following data cannot be erased regardless of an erasure request. When data cannot be erased, you will be notified in writing of which specific data is retained, the legal reason, and when it will be deleted (if applicable).
DataReasonRetention
Billing and invoice recordsTax law compliance7 years
Fraud investigation recordsLegal obligationDuration + 7 years
Data subject to active legal proceedingsCourt order / legal holdDuration of hold
Anonymized / aggregated dataNo longer personal dataIndefinitely
Security incident recordsRegulatory requirement7 years
Audit log entries (anonymized)Accountability & compliance24 months

Data Export (Portability)

Before account or workspace deletion, you may download a full data export containing all your data.

Export Package Contents

covis-ai-export-[date].zip
├── profile.json              # account info, settings, preferences
├── chat_history/
│   ├── session_[id].json     # full chat logs with timestamps
│   └── ...
├── files/                    # all uploaded documents and files
├── generated_content/        # all AI-generated proposals and outputs
├── agent_configurations.json # custom AI agent settings
├── knowledge_base/           # knowledge base entries and documents
├── linkedin_profiles/        # imported LinkedIn profile data
├── call_logs.csv             # call log history with metadata
├── usage_logs.csv            # token and resource usage history
└── invoices/
    ├── invoice_[id].pdf
    └── ...

How to Export

Account Settings → Privacy → Export My Data

Generation Time

Up to 24 hours for large workspaces

Download Link Expiry

30 days before link expires

Data Breach — Deletion & Notification Protocol

TimeframeAction
Hour 0Breach detected, affected data scope identified
Hour 1Incident response team activated
Hour 4Affected systems isolated, further exposure stopped
Hour 4Compromised sessions and API tokens force-revoked
Hour 24Internal impact assessment complete
Hour 48Affected tenants and users notified via email + in-app banner
Hour 72Regulatory authority notified (GDPR requirement)
Day 30Full incident report published to all affected tenants
Upon breach notification: Affected users will be required to reset their passwords on next login and re-authorize any active API integrations. Report security vulnerabilities immediately to security@covis.ai.
8

Changes to This Policy

We reserve the right to update this policy. Material changes will be communicated via email notification to Company Admins and an in-app notification requiring acknowledgement.

Previous versions are archived and available upon request at privacy@covis.ai.

Contact

Data deletion requests

privacy@covis.ai

GDPR erasure requests

privacy@covis.ai

Legal holds & investigations

legal@covis.ai

Security incidents

security@covis.ai

Response time: within 30 days · GDPR requests: within 30 days, may extend to 60 days with notice

Privacy PolicyHow we handle your dataTerms of ServiceUsage rules and obligationsData Retention PolicyHow long we keep your data