Trust Center policy

TyriaCore Data Retention & Deletion Policy

Retention timeline, export window, and post-termination deletion process.

Back to Trust CenterBack to the Engine
Document type
Published policy
Public policy page
Last updated
May 31, 2026
Current published revision
Access
Public
No authentication required

TyriaCore Data Retention & Deletion Policy

Last Updated: May 31, 2026

This policy describes Provider's general retention, export, and deletion practices for Customer Data.

This policy is incorporated by reference into the Agreement between Provider and Customer to the extent referenced in an Order Form or otherwise incorporated into the Agreement.

Order of precedence. If there is a conflict between this policy and the Agreement (or a DPA/BAA), the order of precedence in the Agreement controls. If a BAA applies, PHI retention/deletion follows the BAA to the extent of conflict.

1. During the Subscription Term

Customer Data is retained for the duration of the active subscription term, subject to Customer's configuration and deletion actions within the Platform.

2. Post-Termination Data Access Window (Export)

Following termination or expiration of the applicable Order Form, Provider will retain Customer Data for 60 days to allow Customer to export Customer Data, provided Customer:

  • has paid all undisputed amounts due; and
  • complies with Provider's reasonable export procedures.

3. Export Assistance (Optional)

Customer may export Customer Data using the Platform's then-available self-service export functionality (if any).

If Customer requests export assistance beyond self-service (including custom formats, large-volume exports, or migration support), Provider may provide such assistance as Professional Services under a SOW or, if no SOW is executed, at Provider's then-current professional services rates and subject to Provider's reasonable procedures. Provider may require payment of all undisputed amounts prior to providing export assistance.

4. Deletion After the Access Window

After the retention period, Provider will delete Customer Data from active production systems in accordance with deletion procedures, unless retention is:

  • required by law,
  • required to resolve disputes, or
  • necessary for legitimate archival/backups.

If stored in backups, Provider will delete such data in accordance with backup retention cycles and maintain reasonable safeguards to prevent access except as required for restoration or legal compliance.

Active production systems may include AWS-hosted PostgreSQL databases, AWS S3 object storage, encrypted application tables, operational audit/log stores, transient Valkey cache entries, and configured third-party feature providers. Cache entries and generated PDF artifacts may have shorter technical retention windows than account-level Customer Data retention.

5. Controlled Data Exports (Security)

Exports may be provided through a controlled process, including: (a) request initiated via account management; (b) identity verification; (c) secure file delivery via time-limited links available for ten (10) business days; (d) password delivered separately to the tenant's on-file email; and (e) temporary storage with deletion after expiration.

6. PHI

If a BAA is in effect, retention and deletion obligations for PHI are governed by the BAA to the extent of conflict.

7. Contact

Questions: support@tyria.app