Data Retention & Deletion Policy
How long we keep data, and how deletion works.
Last updated July 12, 2026
1. Purpose
This Data Retention & Deletion Policy explains how Haruspex (“Haruspex,” “we,” “our,” or “us”) retains, archives, anonymizes, and deletes information processed through the Haruspex platform.
Our objectives are to:
- retain information only for legitimate business purposes;
- minimize unnecessary data storage;
- comply with applicable legal obligations;
- maintain security and system integrity; and
- respect user privacy whenever practical.
This policy should be read together with our Privacy Policy, Terms of Service, and Data Processing Addendum.
2. General Principles
Haruspex follows the following retention principles:
- Data is retained only as long as reasonably necessary.
- Different categories of data have different retention periods.
- When retention is no longer required, data is deleted or anonymized.
- Certain information may be retained longer where required for legal, security, fraud prevention, or operational purposes.
- Backups may temporarily contain deleted information until backup rotation completes.
3. Categories of Data
Haruspex may retain the following categories of information:
- Account information
- Authentication information
- User profile information
- AI conversations
- Uploaded files
- API usage logs
- Audit logs
- Security logs
- Error reports
- Payment records (when payments become available)
- Support communications
- Marketing preferences
- System telemetry
- Anonymous analytics
Each category may have a different retention schedule.
4. Active Account Data
While an account remains active, Haruspex generally retains:
- account profile information;
- AI conversations;
- uploaded documents;
- project data;
- saved prompts;
- user preferences;
- API credentials;
- usage history; and
- security records.
This information enables normal operation of the platform.
5. AI Conversations
AI conversations may be retained to:
- provide conversation history;
- allow users to revisit previous work;
- troubleshoot technical issues;
- investigate abuse;
- improve platform reliability where permitted by applicable law.
Users may delete individual conversations where such functionality is available.
Deleted conversations may remain in encrypted backups for a limited period before permanent removal.
6. Uploaded Files
Files uploaded by users remain stored until:
- the user deletes them;
- the account is deleted;
- retention limits expire;
- administrative removal becomes necessary for security or legal reasons.
Deleted files may remain in backup systems until backup rotation completes.
7. API Data
API request metadata may be retained for purposes including:
- abuse detection;
- billing (when applicable);
- debugging;
- rate limiting;
- system monitoring;
- security investigations.
API request content may be retained only as necessary to provide requested services or investigate abuse.
8. Security Logs
Security-related logs may include:
- login attempts;
- IP addresses;
- authentication events;
- access history;
- device information;
- abuse detection events;
- suspicious activity reports.
Security logs are retained as necessary to:
- investigate incidents;
- detect fraud;
- maintain platform integrity;
- comply with legal obligations.
9. Support Communications
Customer support emails, tickets, and correspondence may be retained for purposes including:
- resolving disputes;
- improving support quality;
- training support personnel;
- maintaining historical records of requests.
10. Analytics Data
Anonymous or aggregated analytics may be retained indefinitely because such information no longer identifies individual users.
Where practical, personally identifiable information is removed before long-term analytical retention.
11. Account Deletion
Users may request deletion of their account.
Following verification, Haruspex will generally:
- deactivate the account;
- delete user-accessible content;
- revoke authentication credentials;
- remove API keys;
- schedule associated personal information for deletion.
Certain information may remain where retention is legally required or operationally necessary.
12. Information That May Be Retained
Even after account deletion, Haruspex may retain limited information including:
- audit logs;
- security records;
- fraud prevention records;
- abuse investigation records;
- legal compliance records;
- contractual documentation;
- tax or accounting records (when applicable);
- anonymized analytics.
Such information is retained only for legitimate purposes.
13. Legal Retention
Haruspex may retain information longer than normal where necessary to:
- comply with applicable law;
- respond to lawful government requests;
- enforce contractual rights;
- resolve disputes;
- defend legal claims;
- investigate fraud or abuse;
- protect users or the platform.
14. Backups
Encrypted backups are maintained to support:
- disaster recovery;
- business continuity;
- accidental deletion recovery;
- security resilience.
Deleted information may remain within backup media until routine backup rotation permanently removes it.
Backup copies are not actively processed except where restoration is necessary.
15. Anonymization
Where feasible, Haruspex may replace deletion with irreversible anonymization.
Anonymized information may be retained for:
- statistical analysis;
- research;
- product improvement;
- service performance measurement;
- historical reporting.
Properly anonymized information is no longer considered personal data.
16. Inactive Accounts
Accounts that remain inactive for extended periods may be:
- archived;
- limited;
- scheduled for deletion;
- requested to undergo verification before reactivation.
Haruspex may notify users before permanent deletion where reasonably practical.
17. Third-Party Services
Certain information processed by third-party service providers may remain subject to their independent retention schedules.
Haruspex requires service providers to implement appropriate security and deletion practices where applicable.
18. Deletion Requests
Users may request deletion of personal information by contacting Haruspex through the official support channels.
Before processing deletion requests, Haruspex may verify the identity of the requesting individual to protect account security.
Requests may be denied or delayed where required by law or necessary to protect legitimate interests.
19. Changes to This Policy
Haruspex may update this Data Retention & Deletion Policy from time to time.
Material changes will become effective upon publication of the updated policy on the Haruspex website unless a different effective date is specified.
Continued use of the Services after the effective date constitutes acceptance of the revised policy.
20. Contact
Questions regarding this Data Retention & Deletion Policy may be directed to Haruspex through the contact information published on the official website.