Data Deletion & Retention Policy
This policy details how long we keep your data and the specific procedures involved when you request account deletion.
1. Standard Data Retention
We retain your personal data and User-Generated Content only for as long as your account is active, or as necessary to provide you with the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
If your account becomes completely inactive for a continuous period of 24 months, we may, at our discretion and subject to legal notification requirements, schedule the account for deletion to minimize unnecessary data storage.
2. The Account Deletion Process
When you initiate an account deletion from your dashboard, the following strict timeline and process occurs:
Phase 1: The 48-Hour Cooldown
- Your account is immediately locked and marked with a
scheduled_deletion_attimestamp exactly 48 hours in the future. - During this period, your data remains intact on our servers.
- Purpose: This cooldown exists solely to protect against malicious account takeovers or accidental deletion. It gives the true account owner a window to reclaim their account.
Phase 2: Account Reclamation (During Cooldown)
- If you wish to cancel the deletion during the 48-hour window, you must verify your identity via our automated Didit Identity Verification integration.
- If the OCR name matches the name on the account, the deletion is cancelled. Consisto does not store the uploaded Government ID during this process.
Phase 3: Permanent Purge
- Once the 48-hour timestamp expires, an automated cron job irreversibly purges your data.
- What is deleted: Your user record, profile metadata, standard notes, and all End-to-End Encrypted (E2EE) ciphertext blobs.
- What is retained: Anonymized telemetry data and aggregated financial records required by law (e.g., transaction IDs for tax compliance). These retained records cannot be linked back to you personally.
Irreversible Action: Once Phase 3 executes, it is technologically impossible for Consisto to recover your data. We do not keep shadow backups of deleted PII.