Data
Retention
Policy

This policy defines what data Ajeris retains, for how long, and how it is deleted. We keep only what is useful to operate your agent, and we delete the rest on a schedule or on your request.

While your account is active:

• ◆Financial accounts and transactions (Plaid): retained as long as the account is connected.
• ◆Credit report data (Equifax, TransUnion): retained while active; refreshed per user request or on schedule.
• ◆Conversation history: retained for agent context across channels (SMS, voice, web). No expiry while the account is active.
• ◆Core memories (preferences, facts, routines the agent has been told to remember): retained until removed by the user.
• ◆Usage data (latency, errors, feature counts): 90 days rolling.

When you delete your account, all personal data is removed within 30 days. Backups are purged on the hosting provider's schedule, within 90 days at most.

• ◆All user-scoped rows are cascade-deleted via onDelete: Cascade on every table that stores user data.
• ◆Plaid access tokens are revoked at the Plaid API before local deletion.
• ◆OAuth tokens for other connected services (Google, Spotify, Slack, Hue, Uber) are revoked at their respective providers during the deletion sweep.
• ◆Backups retain the data only as long as the hosting provider's backup retention schedule requires; Railway-managed backups roll off within 90 days.

Where retention is legally required (for example, transactional records for tax purposes), we keep only the minimum required and isolate it from any agent access.

Data that is useful only briefly is auto-deleted on a timer:

• ◆Payment proposals that were never sent: 30 days
• ◆Daily activity logs: 90 days
• ◆Expired OAuth tokens: at expiry
• ◆Pending registration tokens: 24 hours (whether consumed or not)

Every user can trigger deletion at any time by texting or voicing the agent. No form, no support ticket.

• ◆"Disconnect my accounts": revokes all OAuth tokens at the providers, clears local encrypted copies, stops all background scheduled tasks.
• ◆"Delete everything": full account deletion, cascade-deletes every user-scoped row, revokes all tokens.
• ◆"Forget [specific memory]": removes a single memory without affecting the rest of the account.

Deletion requests are acknowledged in-channel and executed within 30 days.

• ◆Every user-scoped table declares onDelete: Cascade in its Prisma schema.
• ◆Cleanup jobs run on the heartbeat scheduler (packages/agent/src/scheduler).
• ◆Token revocation calls are made synchronously during deletion; failures are retried with exponential backoff until successful or logged for manual follow-up.

• ◆Access: download every piece of data Ajeris holds about you.
• ◆Correction: ask the agent to update a memory or profile field.
• ◆Deletion: see §5 above. Or email hi@ajeris.com.
• ◆Portability: request an export of your data in a structured format.

This policy is reviewed annually, on any change to retention windows, and upon onboarding any new third-party data provider.

Next scheduled review: April 2027.

Questions about retention, deletion, or data rights: hi@ajeris.com.