Data retention

What we keep, and for how long

| Data type | Default retention | Notes |
|---|---|---|
| Conversation messages | Indefinite while account active | Cleared on account deletion |
| Memories (vector + structured) | Indefinite while account active | You can delete individually |
| Records | Indefinite while account active | Or until you archive/delete |
| Attachments (images, PDFs) | Indefinite while account active | Cleared on account deletion |
| OAuth tokens | Until you revoke | Encrypted at rest |
| BYOK keys | Until you revoke | Encrypted at rest |
| Audit logs | 13 months | Required for security/compliance |
| Usage logs (credits) | 25 months | Required for billing reconciliation |
| Backups | 7 days rolling | Supabase standard |

What's never kept

- LLM provider doesn't see your data beyond inference (per their contract terms).
- We don't train models on conversation data.
- Browser session cookies (cleared every session unless you explicitly saved login).
- Voice raw audio (kept only briefly for transcription; transcript persists).

Account deletion

Settings › Account › Delete Account. Within 30 days:

1. Conversations, memories, records, attachments — purged.
2. OAuth tokens — revoked at the provider and overwritten locally.
3. BYOK keys — overwritten with zeroes.
4. User row in DB — removed.
5. Backups containing your data — naturally roll off within 7 days.

Audit logs are retained for security/compliance purposes per the table above; they don't contain conversation content, only metadata (action, time, target).

Right-to-be-forgotten requests

Email privacy@niyra.ai. We confirm within 48 hours and complete within 30 days. GDPR and India DPDP-aligned process.