Data Deletion Policy

Self-serve deletion, DSAR portal, and retention schedule by data category.

Version 2.0.0 Effective May 28, 2026 Last reviewed May 28, 2026
Plain-English summary. You can delete your account from inside the product. Customer Content is removed within 30 days, audit logs are kept for security and compliance, backups age out within 90 days. We don't keep what we don't need, but the law sometimes makes us keep records of billing, security, and disputes.

1. Your Rights

You have the right to request deletion of personal information we hold about you, subject to the carve-outs in Section 6. Where GDPR / UK GDPR, CCPA / CPRA, LGPD, PIPEDA, or comparable laws apply, this policy is also the procedure we follow to honor those rights.

2. Self-Serve Account Deletion

  1. Sign in to your HookPilot workspace.
  2. Open Settings → Account (or Settings → Billing for the workspace owner).
  3. Choose Delete Account or Close Workspace. Workspace owners can also export Customer Content from the same screen.
  4. Confirm by re-entering your password and any required MFA factor.
  5. You will receive a confirmation email within 24 hours and a final completion notice when the deletion finishes.

3. DSAR Portal

If you cannot use the in-product flow — for example because you are a former end user whose data was processed by a HookPilot customer — you can submit a Data Subject Access Request to privacy@hookpilot.co. The email should include the type of request (access, correction, deletion, portability, or restriction), the email or workspace name associated with your data, and any context that helps us locate the records.

4. Verification

To protect you from impersonation, we verify the identity of the requester before acting on a request. For account holders we rely on session + MFA. For non-account requesters we may ask for additional information that only the data subject would have. We will not use the verification information for any other purpose.

5. Retention Schedule

CategoryDefault retentionTrigger to start countdown
Account profile (name, email, password hash)Until deletion + 30 days soft deleteDeletion requested
Customer Content (briefs, prompts, outputs, uploads)Until deletion + 30 days soft deleteDeletion requested or workspace closed
Workspace operational data (agent runs, memory, dashboards)Until deletion + 30 days soft deleteDeletion requested
Billing records, invoices, tax recordsUp to 7 yearsEnd of fiscal year of last transaction
Audit logs and security event logsUp to 24 monthsEvent timestamp
Support tickets and communicationsUp to 24 monthsTicket resolution
Marketing contact + suppression listUntil unsubscribed; suppression kept indefinitelyOpt-out
BackupsUp to 90 daysBackup creation

6. Lawful Carve-Outs

We may retain or refuse to delete information when it is necessary to: comply with a legal obligation (tax, accounting, sanctions screening, lawful preservation orders); exercise or defend legal claims; detect and prevent fraud, abuse, security incidents, or violations of our Terms of Service; protect the vital interests of any person; or maintain anonymized, aggregated statistics that cannot reasonably be associated with you. Where we retain information under a carve-out, we minimize what is kept and isolate it from production systems.

7. Sub-Processor Propagation

When deletion completes, we instruct our sub-processors to delete or anonymize the corresponding records under our contracts with them. Most propagate within 30 days; payment processors retain transaction records for the period required by financial regulation.

8. Backups

Encrypted backups age out automatically. We do not selectively delete individual records from backups; instead, if a restore brings deleted records back into production, we re-apply the deletion within 24 hours.

9. AI Memory and Agent State

HookPilot agents use scoped memory to remember context across runs. Memory entries are scoped per workspace and per agent and are deleted alongside the workspace. You can also clear specific memory entries from Settings → Agent Memory. Memory is never used to train shared models (see Privacy Policy §6).

10. Workspace Administrators

If you are an end user inside a customer's workspace (for example an employee whose company uses HookPilot), the workspace administrator is your first point of contact for deletion. HookPilot will assist where we are required by law to act directly.

11. Contact

Deletion requests and DSARs: privacy@hookpilot.co. We respond within thirty (30) days. Where your jurisdiction requires a shorter timeline, we honor the shorter one.