Data Retention Policy

Last updated: April 26, 2026

This Data Retention Policy describes how Lemnia LLC ("Lymnus," "we," "us," or "our") retains, manages, and deletes personal data and business data in connection with the Lymnus platform. This policy supplements our Privacy Policy and Data Processing Agreement.

1. Purpose and Scope

This policy applies to all personal data and business data processed by Lymnus, including data uploaded by customers ("Customer Data"), account data, system logs, billing records, and audit trails. It is designed to ensure compliance with applicable data protection laws including GDPR, UK GDPR, and CCPA, and to align with our contractual commitments under our Data Processing Agreement.


2. Data Categories and Retention Periods


| Data Category | Examples | Retention Period | Basis |
|---|---|---|---|
| Account Data | Name, email, hashed password, profile photo | Duration of account + 90 days after closure | Contract performance |
| Customer-Uploaded Files | PDFs, spreadsheets, documents uploaded for processing | Until deleted by user, or account closure + 30 days | Contract performance |
| Project Data | Extracted data, processed datasets, synthetic data outputs | Until deleted by user, or account closure + 30 days | Contract performance |
| Report Data | Generated reports, financial models | Until deleted by user, or account closure + 30 days | Contract performance |
| AI Chat History | Chat messages, uploaded chat attachments | Until deleted by user, or account closure + 30 days | Contract performance |
| Agent Configurations | Workflow agent definitions and execution logs | Until deleted by user, or account closure + 30 days | Contract performance |
| Billing Records | Invoice history, payment records, subscription data | 7 years from transaction date | Legal obligation (tax law) |
| System Log Data | IP addresses, access logs, error logs | Up to 12 months | Legitimate interests (security) |
| Audit Logs | Admin actions, security events, authentication events | Up to 24 months | Legal obligation / Legitimate interests |
| Support Communications | Tickets, email threads, report submissions | 3 years after ticket resolution | Legitimate interests |
| Analytics Data | Aggregated, anonymized usage metrics | Up to 3 years | Legitimate interests |
| Token Transaction Records | Token purchase and consumption history | 3 years from transaction date | Legitimate interests / Legal obligation |
| Backup Data | System backups including customer data | Up to 30 days from backup date | Service continuity |
| Cookie / Session Data | Session tokens, preference cookies | As specified in Cookie Policy | Consent / Contract performance |


3. Customer-Controlled Deletion

Customers have direct control over the deletion of their own data through the Platform:

  • Projects, reports, and extracted files: Delete at any time from the project or report detail page

  • AI Chat conversations: Delete individual chats or full chat history from the Chat panel

  • Agent configurations: Delete from the Agents page

  • Uploaded integration data: Managed through the connected app settings

Deleted items are removed from active storage promptly. They may persist in backup systems for up to 30 days before being permanently purged from all systems.


4. Account Deletion and Data Erasure

When you delete your account or your subscription is terminated:

  • Account data (name, email, preferences) is deleted within 90 days

  • Customer-uploaded files and project data are deleted within 30 days

  • Billing records are retained for 7 years as required by applicable law

  • Anonymized analytics data may be retained indefinitely as it cannot be linked to an individual

Upon written request, we will provide confirmation of deletion within 30 days. Enterprise customers governed by a Data Processing Agreement may exercise deletion rights as specified in that agreement.


5. GDPR Right to Erasure

For users in the EEA or UK exercising the Right to Erasure ("Right to be Forgotten"), we will:

  • Process erasure requests within 30 days of verification

  • Delete or anonymize all personal data subject to the request, except where retention is required by law

  • Notify Sub-processors to delete data where applicable

  • Provide written confirmation of erasure upon completion

To submit an erasure request, contact us at contact@lymnus.com with "Data Erasure Request" in the subject line.


6. Automated Data Retention Enforcement

The Lymnus platform enforces data retention periods automatically through scheduled processes:

  • Inactive free-plan project files: subject to archival or deletion after the period specified in your plan terms

  • Completed processing job temporary files: deleted within 24 hours of job completion

  • Expired session data: purged automatically upon session expiry

  • Log rotation: system log files are rotated and purged according to retention schedules

Automated retention enforcement does not apply to data within the active retention periods described in Section 2. Customers are notified of impending data deletion where technically feasible.


7. Data Retention for Enterprise Customers

Enterprise customers with a signed Data Processing Agreement or custom contract may negotiate:

  • Extended or shortened retention periods for specific data categories

  • Custom deletion workflows and confirmation procedures

  • Data residency requirements limiting where data is stored during its retention period

  • Scheduled data retention reports

Custom enterprise retention terms supersede this policy where they differ.


8. Backup and Recovery Retention

System backups are retained for the following periods before automatic expiry:

  • Database backups: minimum 7 days, maximum 30 days

  • File storage snapshots: minimum 7 days

  • Backup data is stored in encrypted form and access is restricted to authorized operations personnel

Backup data is not accessible to customers for individual file recovery — if you need to recover deleted data, contact us promptly within the 30-day backup window at support@lymnus.com.


9. Security of Retained Data

All retained data — regardless of category — is protected by the security measures described in our Data Processing Agreement Annex II, including encryption at rest, role-based access control, and access logging. Data that has reached the end of its retention period is destroyed using secure deletion methods appropriate to the storage medium.


10. Changes to This Policy

We may update this Data Retention Policy from time to time. Material changes will be communicated via email or in-Platform notification at least 30 days before taking effect. The current policy is always available at https://lymnus.com/legal.


11. Contact

For questions about data retention, deletion requests, or to exercise your privacy rights:

Lemnia LLC

131 Continental Dr, Suite 305, Newark, Delaware 19713, United States

Email: contact@lymnus.com

Website: https://lymnus.com
