← Back to Legal

Netallion AI Assurance Data Retention & Deletion Policy

Effective date: 03 February 2026

This policy describes how Netallion AI Assurance retains and deletes data. Retention may vary by plan, customer configuration, and legal requirements.

1) Guiding principles

  • Minimize stored sensitive data (use hashes/masking and redaction)
  • Retain only what is needed for service delivery, security, and legal compliance
  • Allow customers to export and delete data, subject to contractual/legal constraints

2) Data categories and typical retention

A) Account data

Examples: user profiles, roles, organization settings

Typical retention: for the life of the account, plus up to 90 days after closure (to support reactivation and billing reconciliation), unless longer retention is required by law.

B) Audit logs

Examples: login events, admin actions, configuration changes, access to reports

Typical retention: 180–365 days (plan-dependent), or longer for enterprise customers.

C) Findings / incident records

Examples: hashed indicators, masked fragments, redacted snippets, metadata

Typical retention: 90–365 days (plan-dependent). Customers may configure shorter retention where available.

D) Reports and exports

Examples: generated reports (HTML/PDF), evidence packs

Typical retention: until deleted by customer, or per plan default (e.g., 90–180 days).

E) Support tickets and communications

Typical retention: up to 24 months, depending on support needs and legal requirements.

3) Deletion

Customers may request deletion of:

  • User accounts (where permitted)
  • Findings and reports (where supported)
  • Entire tenant data after termination (subject to legal holds and billing requirements)

Deletion requests: support@netallion.ai or privacy@netallion.ai

4) Backups

Backups may retain copies of data for a limited period (e.g., 7–35 days) after deletion for disaster recovery. Data in backups will be overwritten according to backup rotation schedules.

5) Legal holds and compliance

We may retain certain data where required by law, to enforce agreements, to prevent fraud, or to resolve disputes. Where possible, we restrict access and minimize retained data.

6) Changes

We may update this policy. Material changes will be communicated via email or in-app notice.