Legal

Data Retention and Deletion Policy

Noir Stack LLC

A Virginia Limited Liability Company

Effective Date: January 1, 2024

Last Updated: January 1, 2026

This Data Retention and Deletion Policy describes how Noir Stack LLC ("Company") retains, manages, and deletes data processed through its Services.

This Policy should be read in conjunction with the Privacy Policy, Terms and Conditions, and Data Processing Addendum.

1. Scope

This Policy applies to:

  • Personal data
  • Customer Data
  • System logs and operational data
  • AI interaction data

2. Data Retention Principles

The Company follows these principles:

  • Data is retained only as long as necessary
  • Retention is limited to business, legal, and operational needs
  • Data minimization is applied where feasible

3. Categories of Data and Retention

A. Account and Billing Data

  • Retained for the duration of the account relationship
  • May be retained longer to comply with legal, tax, and accounting obligations

B. Customer Data

  • Retained for the duration of the Customer's active use of the Services
  • Subject to Customer-controlled deletion where applicable

C. Logs and Operational Data

  • Retained for security, monitoring, and performance purposes
  • Retention periods vary based on operational necessity

D. AI Interaction Data

  • Retained only as necessary to provide functionality and maintain system integrity
  • Not used to train third-party public models unless explicitly agreed

4. Data Deletion Upon Termination

Upon termination or expiration of Services:

  • Customer Data may be deleted or made inaccessible
  • Deletion may occur within a reasonable timeframe following termination
  • Backup systems may retain data temporarily until overwritten

The Customer is responsible for exporting data prior to termination where needed.

5. Customer-Initiated Deletion

Where functionality allows, Customers may:

  • Delete data directly within the platform
  • Submit deletion requests through support channels

The Company will process such requests subject to technical feasibility and legal obligations.

6. Legal Retention Requirements

The Company may retain data where required to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Maintain security and fraud prevention records

7. De-Identification and Aggregation

The Company may retain and use:

  • De-identified data
  • Aggregated data

for analytics, performance, and system improvement, provided such data does not identify individuals.

8. Backup and Recovery Systems

Data stored in backups:

  • May persist for a limited retention period
  • Is protected by security controls
  • Is deleted in accordance with standard backup lifecycle processes

9. Data Disposal Methods

The Company employs reasonable measures to securely dispose of data, including:

  • Logical deletion from active systems
  • Overwriting or cryptographic erasure where applicable

10. Compliance with Virginia Law

Data retention and deletion practices are designed to align with applicable U.S. laws, including the Virginia Consumer Data Protection Act, and other relevant regulations.

11. Limitations

The Company cannot guarantee immediate or complete removal of all data from all systems due to:

  • Backup retention cycles
  • Distributed system architecture
  • Legal or regulatory requirements

12. Updates to This Policy

The Company may update this Policy periodically.

Material changes will be reflected by updating the "Last Updated" date.

13. Contact

Data retention and deletion inquiries:

privacy@noirstack.com

Noir Stack LLC · Commonwealth of Virginia

← All policies