Last updated: December 2025

VAALID Inc. helps teams manage research, insights, and organizational knowledge with clarity and governance. This policy explains how we store customer data, how long we retain it, how deletion works, and what rights and controls are available to organizations.

Our approach follows best practices from modern SaaS providers and aligns with key principles found in SOC 2 and GDPR—such as data minimization, access controls, auditability, and user-initiated deletion workflows.

1. What This Policy Covers

This policy applies to all content and metadata you create or upload in VAALID, including:

  • Workspaces, projects, documents, snippets, insights, surveys, transcripts, attachments
  • Reports, whiteboards, generated assets
  • User profiles, membership records, roles, permissions
  • Audit events and high-level activity logs

VAALID never uses customer content to train external AI models, and customer data is not shared with third parties except as required for core service operations (e.g., storage, compute, email delivery).

2. How Long We Keep Your Data

Active Subscription

As long as your organization maintains an active subscription, we retain data so that you and your team can access, export, and build upon it. Data is stored in secure and redundant infrastructure.

When a Subscription Is Cancelled

If an owner cancels a subscription or requests deletion:

  1. The organization enters a Pending Deletion state
  2. The workspace becomes read-only (no edits, full export access)
  3. A 7-day grace period begins

This grace period gives teams time to export content or reactivate their subscription.

After the Grace Period

When the grace period ends, all customer content is permanently deleted. This includes:

  • Documents, snippets, insights, reports
    Surveys and transcripts
  • Uploaded files and attachments
  • Workspace and project structures
  • AI-generated analysis
  • Search indexes and embeddings

Once deletion is complete, data cannot be restored.

3. Notifications & Transparency

During Pending Deletion, we notify organization owners, admins, and billing contacts:

  • Immediately when deletion is scheduled
  • Several times during the grace period
  • One day before final deletion

Clear in-app indicators (banners and countdown timers) provide visibility to all users.

4. Your Controls & Options

Cancel Deletion

Owners or billing admins may cancel a Pending Deletion at any point during the 7-day window by:

  • Reactivating the subscription, or
  • Clicking Cancel Deletion in organization settings

Export

Before deletion occurs, organizations may export:

  • Workspace data
  • CSV files
  • Documents
  • Reports

User Removal

If a user is removed from an organization:

  • Their contributions remain,
  • Ownership transfers to the organization, and
  • All references remain intact to ensure auditability and historical accuracy

This ensures organizational continuity even as team membership changes.

5. Legal Holds & Exceptions

If VAALID receives a lawful request (e.g., litigation hold or regulatory inquiry):

  • Deletion is paused
  • Data is preserved until the hold is lifted

Once lifted, the standard deletion timeline resumes.

6. Minimal Metadata Retained After Deletion

For fraud prevention, system integrity, and financial compliance, we may retain:

  • Organization ID
  • Deletion timestamps
  • Audit events indicating deletion
  • Stripe transaction records

This metadata contains no customer content and is stored securely for up to 24 months.

7. Privacy Commitments

VAALID is designed with privacy by default:

  • Encrypted in transit and at rest
  • Role-based access controls
  • Sensitive-data-aware workflows
  • Consent and data-subject rights handled through our Privacy Policy

We do not sell or monetize customer data.

8. Questions or Requests

For any deletion-related questions or appeals, contact:

support@vaalid.com

For privacy-specific inquiries:
privacy@vaalid.com

We regularly update this policy to reflect product changes, regulatory requirements, and best practices.