Last updated: February 8, 2026
This page describes how long Nautis (PitchWitch Ventures LLC) retains your personal data and the procedures we follow for deletion and anonymization, in accordance with GDPR Article 5(1)(e) — Storage Limitation.
1. Retention Periods
We retain your data only as long as necessary for the purposes for which it was collected:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| User Account Data | Active account lifetime + 30 days | Contract |
| Authentication Tokens | Session: 14 days; Reset: 1 hour; Verification: 24 hours | Contract |
| Audit Logs (PII) | IP and user agent anonymized after 90 days | Legitimate interest |
| Audit Logs (Events) | 3 years | Legal obligation / Legitimate interest |
| Chat Messages | Active account lifetime | Contract |
| Payment Records | 7 years | Legal obligation (tax) |
| Data Export Files | 7 days after generation | Data subject right |
| Consent Records | Active account lifetime + 5 years | Legal obligation (GDPR Art. 7) |
| Cookie Consent | 13 months | Consent (ePrivacy) |
| Uploaded Files | Active account lifetime | Contract |
| Error Logs (Sentry) | 90 days | Legitimate interest |
| Analytics Data | 14 months | Consent |
2. Automated Cleanup
We run automated processes to enforce retention limits and minimize stored data:
| Process | Schedule | Action |
|---|---|---|
| Audit Log Cleanup | Daily | Anonymize PII in logs older than 90 days; delete logs older than 3 years |
| Expired Data Cleanup | Daily | Expire data exports older than 7 days; clear expired tokens |
| Scheduled Deletions | Daily | Execute account deletions scheduled more than 30 days ago |
3. Account Deletion
When you request account deletion, we follow this process:
- Request: You submit a deletion request through Account Settings (requires password confirmation)
- Grace Period: 30-day cooling-off period during which you can cancel the request
- Notification: Confirmation email sent immediately upon request
- Execution: Automated process deletes your account after the grace period
- Confirmation: Final notification email sent before deletion is executed
Data Removed on Deletion
- User profile and all personal information
- Organization memberships
- Chat messages
- Tickets and replies
- Documents and uploaded files
- Consent records and email preferences
Data Retained After Deletion
- Anonymized audit logs — retained for legal compliance (no personally identifiable information)
- Payment records — retained for 7 years per tax regulations
4. Your Data Rights
You can exercise the following rights at any time through your Account Settings or by contacting us:
| Right | How to Exercise |
|---|---|
| Access (Art. 15) | Request a data export via Account Settings |
| Rectification (Art. 16) | Edit your profile information directly |
| Erasure (Art. 17) | Request account deletion via Account Settings |
| Portability (Art. 20) | Export your data in JSON or CSV format |
| Object (Art. 21) | Manage email preferences; unsubscribe from communications |
| Withdraw Consent (Art. 7) | Update cookie preferences; change email opt-in settings |
5. Changes to This Policy
We review our retention periods quarterly. Changes will be reflected on this page with an updated date. For details on how we handle your data, please refer to our Privacy Policy.
6. Contact Us
If you have questions about our data retention practices:
Email: privacy@getnautis.com
Data Protection Officer: dpo@getnautis.com