Data Retention and Deletion Policy

For this policy, "Avalon," "we," "us," or "our" means Avalon Flow Inc., a subsidiary of Questili LLP, unless a signed order form or customer agreement identifies a different contracting entity.

This policy explains how Avalon retains, exports, deletes, and de-identifies data. It applies to Avalon accounts, Customer Content, connected-service data, AI outputs, memory, Flowboard history, logs, telemetry, billing records, and support records unless a signed customer agreement states otherwise.

1. Retention principles

Avalon retains data only as long as reasonably necessary to provide the service, maintain security, support customers, comply with legal obligations, resolve disputes, prevent abuse, operate billing, and honor customer agreements.

Different data types have different retention periods because they serve different product, security, audit, support, and legal purposes.

2. Account and administrative records

Avalon may retain account identity, workspace membership, administrator records, subscription status, billing metadata, support records, and legal/commercial records for as long as the account is active and for a reasonable period afterward for compliance, accounting, tax, dispute, fraud-prevention, and business-record purposes.

3. Customer Content and connected-service data

Customer Content may include email, calendar, contacts, Flowboard cards, prompts, AI outputs, memory, meeting briefs, due dates, workflow history, connected-service data, and custom endpoint data.

Avalon retains Customer Content while needed to provide enabled features. When an account is disconnected, closed, or deleted, Avalon deletes or de-identifies Customer Content according to product controls, support-assisted workflows, backup expiry, security needs, and applicable agreements.

4. AI memory and derived context

AI memory and derived context may persist until the user or administrator deletes it, disables memory, closes the account, or requests deletion. Some derived records may remain in audit logs, security logs, backups, or support records where needed for security, compliance, or dispute purposes.

5. Audit logs, execution receipts, and security logs

Audit logs, approval records, execution receipts, security logs, abuse-prevention logs, and incident records may be retained longer than general product data to prove what happened, investigate issues, protect customers, detect abuse, and comply with legal obligations.

6. Telemetry, analytics, and observability data

Avalon may retain usage events, performance metrics, error logs, health checks, and analytics data for product reliability, support, security, and business analysis. Normal telemetry should avoid raw Customer Content and secrets.

7. Backups

Deleted data may remain in backups for a limited period until backups expire or are overwritten. Backups are used for disaster recovery, security, and service continuity and are not intended for routine product access after deletion.

8. Export

Customers may request export of reasonably available account or Customer Content data through product controls or by contacting support@avalonflow.com. Export scope, format, timing, and availability may depend on account status, connected-service APIs, technical feasibility, security review, and legal obligations.

9. Deletion and account closure

Customers may request deletion or account closure by using product controls or contacting support@avalonflow.com. Avalon may verify identity, authority, and account ownership before acting.

Deletion may not immediately remove data from backups, security logs, billing records, legal records, audit logs, or records needed for fraud prevention, dispute resolution, compliance, or legitimate business needs. Avalon may also retain de-identified or aggregated data that no longer identifies a customer or user.

10. Connected services and customer-controlled systems

Disconnecting a connected service stops future access where supported, but it may not delete data already processed by Avalon or data retained by the connected service. Customers are responsible for deleting data from customer-controlled Google accounts/Google Workspace tenants, Microsoft tenants, Slack workspaces, Salesforce instances, MCP servers, custom endpoints, local models, private models, BYO providers, and other systems they control.

11. Legal holds and disputes

Avalon may preserve data if required by law, legal process, security investigation, abuse investigation, dispute, unpaid invoice, or enforcement of agreements.

12. Contact

For retention, export, deletion, or account-closure requests, contact support@avalonflow.com.