1. Principles
We retain personal data only as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
2. Retention Schedule
The following periods apply unless a longer period is required by law:
- Account profile and authentication data — lifetime of the account plus ninety (90) days.
- Generated brand assets — lifetime of the account plus thirty (30) days; permanently deleted thereafter.
- Briefs and prompts — twelve (12) months after the last generation in the project, then anonymized.
- Billing records and invoices — ten (10) years to comply with accounting and tax law.
- Support tickets and email correspondence — three (3) years after closure.
- Operational logs and security audit trails — twelve (12) months.
- Marketing consent records — three (3) years after withdrawal of consent.
3. Backups
Encrypted backups are retained on a rolling thirty-five (35) day cycle. Deletion requests are honored in primary systems immediately and propagate to backups within the cycle.
4. Exceptions
We may retain limited records beyond the periods above when necessary to establish, exercise, or defend legal claims, or to comply with valid legal process.
Questions about this policy?
Contact privacy@nexelioflow.com or visit our contact page. We respond to legal inquiries within one business day (Mon–Fri, 09:00–18:00 CET).Document control
NexelioFlow Inc. · 8th Ave W, Birmingham, AL 35204, USA · EU representative: NexelioFlow EU B.V., Amsterdam · This document is provided in English; translations are for convenience and the English version prevails in case of conflict.