Data Retention Policy
How long every category of HookPilot data is retained, when it is purged, and why.
1. Principles
HookPilot Caption Studio LLC applies four principles to retention: (a) data minimisation — we collect what we need; (b) purpose limitation — we keep it for the purposes disclosed in the Privacy Policy; (c) deterministic enforcement — automated agents enforce the schedule below through scheduled sweeps, with no manual cleanups; and (d) lawful carve-outs — we keep what regulation, finance, or active disputes require, and no more.
2. Customer Content
Briefs, prompts, captions, scripts, AI Music Video projects, uploaded brand assets and generated outputs are retained while your workspace is active. On workspace deletion, Customer Content enters a 30-day soft-delete window during which the workspace owner can restore it. After 30 days the records are purged from production. Backups age out within 90 days.
3. Account and Workspace Metadata
Name, email, role assignments, MFA factor metadata, SSO mappings, integration tokens, and workspace settings follow the same 30-day soft-delete window. Tokens for revoked integrations are invalidated immediately on disconnect.
4. Agent Memory
HookPilot agents use scoped memory entries to remember context. Memory is partitioned per workspace and per agent. Memory entries are retained while the workspace is active and can be selectively cleared from Settings → Agent Memory. All entries are purged with the workspace.
5. Audit and Security Logs
Workspace audit logs (who did what, when), authentication events, admin actions, and security telemetry consumed by the HookPilot Internal Security department (-HPS) are retained for up to 24 months. Customer-visible audit logs are available in-product and via API for the same window. Logs that contain personal data are pseudonymised after 90 days where the operational need has passed.
6. Billing and Tax Records
Invoices, payment receipts, subscription history, and supporting tax records are retained for up to seven (7) years after the end of the fiscal year of the last transaction, as required by U.S. tax law and applicable VAT/GST rules. We do not delete a closed account's billing records before that window expires.
7. Backups
Encrypted backups of production data are taken on a rolling schedule and aged out within 90 days. We do not selectively delete individual records from backups; if a restore brings deleted records back into production, the next sweep re-applies the deletion within 24 hours.
8. Legal Holds
When HookPilot receives a valid legal hold (litigation, regulatory investigation, lawful preservation request), the affected records are excluded from the automated sweep until the hold is released. Holds are tracked by HookPilot's legal team and reviewed quarterly.
9. Retention Schedule (Reference)
| Category | Retention | Trigger |
|---|---|---|
| Customer Content | Active workspace + 30-day soft delete | Workspace deletion |
| Account profile | Active workspace + 30-day soft delete | Deletion requested |
| Agent memory | Active workspace | Workspace deletion |
| Workspace audit logs | 24 months | Event timestamp |
| Security telemetry | 24 months | Event timestamp |
| Billing / tax records | 7 years | End of fiscal year of last transaction |
| Support tickets | 24 months | Ticket resolution |
| Marketing suppression list | Indefinite (so we don't email you again) | Opt-out |
| Backups | 90 days | Backup creation |
| DSAR records | 3 years from response | Request closure |
10. Contact
Retention questions or carve-out requests: privacy@hookpilot.co. Legal holds: legal@hookpilot.co.