Tenivo Data Retention and Deletion Policy
_Last updated: 2026-04-26_
This policy describes how long Tenivo keeps data and how deletion is handled.
1. Scope
This policy covers account data, workspace records, uploaded files, logs, support records, and backups processed by Tenivo.
2. Retention schedule
| Data category | Retention period | Deletion behavior |
|---|---|---|
| Account identity data | While account is active + up to 12 months after account deletion | Deleted or anonymized after retention period unless legal hold applies |
| Workspace metadata (contracts, obligations, comments, reminders) | While workspace is active + up to 90 days after workspace deletion request | Deleted from active systems at end of window |
| Uploaded files and extracted content | While required for active workspace workflows + up to 90 days after deletion request | Deleted from active object storage and application records |
| Security and audit logs | Up to 12 months | Deleted or minimized unless needed for incident/legal defense |
| Support communications | Up to 24 months after last relevant interaction | Deleted or anonymized unless legal hold applies |
| Data subject rights requests and handling records | Up to 6 years from request closure | Retained for legal compliance and defense of claims, then deleted or anonymized |
| Consent and legal acceptance evidence | Up to 6 years from event timestamp | Retained for compliance defense, then deleted |
| Encrypted backups | Rolling 30 to 90 day window | Deleted by scheduled overwrite/purge |
3. Deletion triggers
Deletion or anonymization is triggered when:
- an account or workspace is deleted;
- retention period expires;
- valid erasure request is approved;
- consent is withdrawn for consent-only processing and no other legal basis applies.
4. Deletion workflow
Deletion is performed in stages:
- Remove access from active UI and APIs.
- Delete active database/object storage records.
- Let backup snapshots expire under backup lifecycle windows.
5. Exceptions and legal holds
Tenivo may retain data longer where needed for legal obligations, fraud/abuse investigation, security incidents, tax/accounting obligations, or legal claims.
6. Customer requests
Requests related to retention, deletion, or data subject rights can be sent to info@tenivo.net.
Where Tenivo acts as processor, requests may need to be handled through the customer controller.
7. Policy updates
This policy may be updated to reflect product, legal, or security changes.
8. Contact
Retention and deletion contact: info@tenivo.net.