Data Retention & Deletion Policy
Last updated: May 2026 · Effective immediately
1. Overview
Nexus orchestrates project data, financial flows, and construction workflows. This policy explains how long we keep that data, why we keep it, and how you can request deletion. Retention balances operational need, contractual obligations, and legal/regulatory requirements.
2. Active account data
While your subscription is active, we retain all data you create or upload — projects, documents, schedules, budgets, invoices, CRM records, field logs, and integration data — so that automation, AI agents, and reporting continue to function correctly.
3. Retention periods by category
| Data category | Retention | Rationale |
|---|---|---|
| Project & document data | Active + 30 days after cancellation | Re-activation grace period; contractual delivery obligations |
| Financial & invoice records | 7 years | Tax, audit, and lien-waiver compliance (US construction law) |
| Audit & activity logs | 7 years | Regulatory evidence trail; security forensics |
| Plaid / bank connection metadata | Until connection removed + 30 days | Fraud monitoring; Plaid DPA requirements |
| Email & notification history | 90 days | Delivery verification; unsubscribe compliance |
| Analytics & telemetry | 90 days (raw); indefinite (aggregate) | Product improvement; no individual identification in aggregate |
| Deleted user accounts | 30 days (soft delete) then permanent | Accidental-deletion recovery; legal hold capability |
4. Deletion requests
• Self-service: Workspace owners can delete projects, documents, and integrations in-app. Data is removed from active systems within 24 hours.• Account closure: Cancel your subscription in Settings → Billing. Your workspace enters a 30-day grace period, then all project data is permanently deleted except financial records retained per §3.• GDPR / CCPA erasure: Email privacy@billslash.app with your workspace name and email. We will verify identity and process within 30 days, subject to legal holds and financial-retention obligations.
5. What deletion means
"Permanent deletion" means data is removed from production databases, search indexes, and active backups. Encrypted backup snapshots age out per our 30-day rotation. Aggregate, de-identified analytics may remain. Data in third-party systems (e.g., Stripe, Plaid, Procore, QuickBooks) is subject to those providers' retention policies; we forward deletion requests where feasible.
6. Legal holds
If we are required by law, litigation, or regulatory investigation to preserve data, we may suspend deletion for the affected records until the hold is lifted. You will be notified if your data is subject to a legal hold, unless prohibited by law.
7. Contact
Questions about retention or deletion: privacy@billslash.app.