Data Retention Policy

This policy defines exactly how long COVIS AI retains each category of data, who can delete it, and how automated deletion schedules enforce these standards.

Version 1.0Effective March 30, 2026GDPR Article 5(e)

Overview

This policy defines how COVIS AI retains, manages, and permanently deletes personal data and business data across the platform. It applies to all tenants, users, and data processed through the COVIS AI platform.

This policy is incorporated by reference into our Privacy Policy and Terms of Service.

Principle of Data Minimization: COVIS AI retains data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes — in accordance with GDPR Article 5(e).

Account & Identity Data

Data TypeRetention PeriodDeletion TriggerWho Can Delete
Full name, email, roleAccount active + 30 daysAccount deletion requestUser (self) or Super Admin
Password hashAccount active + 30 daysAccount deletionAuto-purged
Profile photoAccount active + 30 daysAccount deletion or manual removalUser (self)
Login history90 days rollingRolling auto-purgeAuto-purged
Session tokensSession expiry or logoutSession endAuto-purged
Active sessions listReal-timeSession revocationUser or Super Admin
Years of experience / professional profileAccount active + 30 daysAccount deletionUser (self) or Super Admin

Billing & Financial Data

Legal Requirement: Billing and financial records must be retained for a minimum of 7 years to comply with tax and financial regulations. These records cannot be deleted even upon user request.
Data TypeRetention PeriodWho Can Delete
Invoices and receipts7 yearsCannot be deleted — legally required
Subscription history7 yearsCannot be deleted
Transaction records7 yearsCannot be deleted
Payment method tokensUntil removed by userUser (via payment settings)
Raw card numbersNever storedN/A — tokenized via Stripe
Order IDs (payment gateway)7 yearsCannot be deleted
Billing disputes / chargebacks7 yearsCOVIS AI Super Admin only

Content & AI Data

Data TypeRetention PeriodDefaultWho Can Delete
Chat history (inputs + outputs)Configurable by Company Admin12 monthsCompany Admin or User
Uploaded files and documentsConfigurable by Company Admin12 monthsCompany Admin or User
AI-generated proposals and outputsConfigurable by Company Admin12 monthsCompany Admin or User
Custom AI agent configurationsAccount active + 30 daysAccount deletionCompany Admin
Knowledge base entriesConfigurable by Company Admin12 monthsCompany Admin
LinkedIn profile importsAccount active + 30 daysAccount deletion or manual removalCompany Admin or User
Call logs (metadata)12 months12 monthsCompany Admin
Call recordings (if applicable)Configurable by Company Admin12 monthsCompany Admin
Tenant-configured retention cannot override legally required minimum retention periods.
5

Usage & Analytics Data

Data TypeRetention PeriodWho Can Delete
Token usage logs (count, type, timestamp)12 monthsAuto-purged
API call logs12 monthsAuto-purged
Agent usage statistics12 monthsAuto-purged
Feature usage analytics12 months (then anonymized indefinitely)Auto-purged
Resource usage metrics (users, clients, agents, projects, storage)12 monthsAuto-purged
Aggregated / anonymized analyticsIndefinitelyN/A — no PII

Security & Audit Data

Data TypeRetention PeriodWho Can Delete
Audit logs (who did what, when)24 monthsImmutable — cannot be deleted
IP address logs90 daysAuto-purged
Error logs / crash reports90 daysAuto-purged
Technical / server logs90 daysAuto-purged
Security incident records7 yearsCOVIS AI Legal team only
Fraud investigation recordsDuration of investigation + 7 yearsCOVIS AI Legal team only
Subscription status change history24 monthsImmutable — audit trail
Audit logs are immutable — they cannot be altered or deleted by any user, including Super Admins, to ensure accountability and regulatory compliance.
7

Communication Data

Data TypeRetention PeriodWho Can Delete
Support tickets3 yearsCOVIS AI Admin only
Support ticket attachments3 yearsCOVIS AI Admin only
In-app feedback2 yearsCOVIS AI Admin only
Email correspondence3 yearsCOVIS AI Admin only

Tenant-Configurable Retention Settings

Company Admins may customize the following retention settings from: Settings → Data & Privacy → Retention Policy

Chat & AI Output Retention

3 months6 months12 months (default)24 monthsKeep until manually deleted

File & Document Retention

30 days after last access12 months (default)Keep until manually deleted

Auto-Delete Inactive User Data

After 6 months of inactivityAfter 12 months of inactivity (default)Never auto-delete
Tenant-configured retention periods cannot override legally required minimums. For example, billing records must be kept for 7 years regardless of any Admin setting.

Deletion Tiers — Who Can Delete What

Tier 1 — End User

  • Own chat history and messages
  • Own uploaded files and documents
  • Own profile data (name, avatar, preferences)
  • Own account (triggers Account Deletion Flow)
  • Own API keys (revocation)

Tier 2 — Company Admin

  • Any user's chat history within the workspace
  • All workspace files and AI-generated content
  • Invite and remove users (removal anonymizes shared records)
  • Workspace-level agent configurations and knowledge base
  • Full workspace deletion (triggers Workspace Deletion Flow)

Tier 3 — COVIS AI Super Admin

  • Process GDPR / regulatory erasure requests
  • Apply or release legal holds
  • Override retention schedules under court orders
  • Hard-delete billing records after legal hold period expires
  • Emergency deletion in the event of a data breach
  • Anonymize audit log PII on schedule

Automated Deletion Jobs

All automated jobs are logged. Failures trigger alerts to the infrastructure team.

Job NameFrequencyAction
purge-expired-sessionsHourlyDelete all sessions past expiry time
purge-error-logsDailyDelete error / crash logs older than 90 days
purge-ip-logsDailyDelete IP and technical logs older than 90 days
purge-chat-historyDailyDelete chat history past tenant retention setting
purge-call-logsDailyDelete call logs older than 12 months
purge-linkedin-dataDailyDelete LinkedIn profile data for deleted accounts
purge-inactive-usersDailyAnonymize users inactive beyond tenant setting
purge-deleted-accountsDailyHard-delete accounts past 30-day grace period
purge-deleted-workspacesDailyHard-delete workspaces past 30-day grace period
purge-token-logsMonthlyDelete token usage logs older than 12 months
purge-resource-usage-logsMonthlyDelete resource usage metrics older than 12 months
anonymize-audit-logsMonthlyReplace PII in audit logs older than 12 months
purge-old-audit-logsMonthlyDelete anonymized audit logs older than 24 months
purge-support-ticketsQuarterlyDelete resolved tickets older than 3 years

Key Retention Timeframes Summary

Immediately

Sessions revoked, login disabled on deletion request

30 days

Grace period — user or tenant can cancel deletion request

Day 31

Hard deletion executed for all eligible data

90 days

Technical logs, IP logs, error logs auto-purged

12 months

Chat history, files, call logs, token logs, AI outputs auto-purged

24 months

Audit logs anonymized, then purged on rolling basis

3 years

Support tickets and email correspondence deleted

7 years

Billing / invoice records — legally cannot be deleted earlier

13

Changes to This Policy

We reserve the right to update this policy. Material changes will be communicated via:

  • Email notification to Company Admins
  • In-app notification requiring acknowledgement

Previous versions are archived and available upon request at privacy@covis.ai.

Contact

Data deletion requests

privacy@covis.ai

Legal inquiries

legal@covis.ai

General support

support@covis.ai

Security issues

security@covis.ai

Response time: within 30 days

Privacy PolicyHow we handle your dataTerms of ServiceUsage rules and obligationsData Deletion PolicyStep-by-step deletion flows