Understanding how long we keep your data and your rights to request deletion.
Our principles for data retention.
WinIQ retains your data only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. This policy outlines our retention periods for different types of data and your rights regarding data deletion.
How long we keep different categories of data.
| Data Category | Examples | Retention Period | Basis |
|---|---|---|---|
|
|
Name, email, company, role, login credentials | Account lifetime + 30 days | Contract performance |
|
|
Proposals, documents, generated content, templates | Account lifetime + 30 days | Contract performance |
|
|
Prompts, AI responses, conversation history | 90 days (rolling) | Service improvement |
|
|
Feature usage, page views, click data | 26 months | Legitimate interest |
|
|
Invoices, payment records, transaction history | 7 years | Legal obligation |
|
|
Login events, security events, admin actions | 2 years | Security & compliance |
|
|
Support tickets, chat logs, feedback | 3 years | Service improvement |
|
|
Database backups, file system snapshots | 30 days (rolling) | Business continuity |
Zero retention at the AI processing layer.
All our AI providers operate under zero-retention agreements. Data sent to AI APIs is processed in real-time and immediately discarded. No prompts, responses, or user data is stored by our AI providers for any purpose including model training.
For complete details, see our No Training Data Policy and Subprocessors List.
Your rights and our deletion process.
Immediate Access Removal
Your account is immediately deactivated and access is revoked.
30-Day Grace Period
Data is held for 30 days in case you change your mind. Contact us to restore.
Permanent Deletion
After 30 days, all deletable data is permanently removed from primary systems.
Backup Removal
Data is purged from backups within 30 additional days (rolling backup cycle).
Certain data must be retained for legal, tax, or security reasons even after account deletion:
Required by tax authorities in most jurisdictions
For security incident investigation if needed
Aggregated, non-identifiable usage statistics
Rights available to all users, with enhanced rights for EEA residents.
Request a copy of all personal data we hold about you. We'll provide it within 30 days in a machine-readable format.
Update or correct any inaccurate personal data. Most data can be updated directly in your account settings.
Request deletion of your personal data. We'll delete all data not required for legal compliance within 30 days.
Export your data in a commonly used, machine-readable format (JSON, CSV) to transfer to another service.
Request that we limit how we use your data while you contest its accuracy or our right to process it.
Object to processing based on legitimate interests or for direct marketing purposes.
Simple ways to make a data request.
Export or delete your data directly from Account Settings → Privacy → Data Management
Submit a formal DSAR (Data Subject Access Request) for comprehensive data reports
Response Time: We respond to all data requests within 30 days. For complex requests, we may extend this by up to 60 additional days with notice. Identity verification may be required.