Skip to main content
This page documents the retention schedule and deletion policy for data collected by Aletheia Customer Voice. The baseline schedule — 90 days standard, 180 days extended — applies across all plan tiers as defined in the Customer Voice data governance policy.
This document describes the technical retention implementation. It does not constitute legal advice. Consult qualified legal counsel for your specific obligations under GDPR or other applicable data-protection regulations.

Retention periods

Data categoryStandard retentionExtended retention
Feedback responses90 days180 days
Session identifiers90 days180 days
Agent context snapshots90 days180 days
Submission metadata90 days180 days
Deletion audit recordsIndefiniteIndefinite
Standard retention (90 days) applies to Free, Starter, and Pro plans. Extended retention (180 days) is available on Pro (opt-in) and is the default on Enterprise. The retention clock starts from the submission timestamp (submitted_at). Deletion audit records are the tombstone entries created when a record is deleted. They contain no feedback content — see Deletion phases below.

Deletion phases

When a Customer Voice record reaches its retention boundary, or when an operator issues an early deletion request, it passes through the following cascade:
PhaseTimingWhat happens
Expiry / requestAt submitted_at + retention_days, or on demandRecord flagged for deletion
Hard deleteWithin 24 hours of scheduled expiry; within 5 minutes (p99) for on-requestFeedback response, session identifier, and agent context snapshot permanently deleted from primary database
Cache clearWithin 24 hoursCloudflare KV entries for the record cleared
Tombstone writtenSimultaneously with hard deleteDeletion audit record written: record ID, deletion timestamp, org ID, and deletion reason. No feedback content.
Tombstone records are retained indefinitely as the Article 30 record of processing. They confirm that erasure was performed without retaining what was erased.

On-request deletion (early)

Operators may delete Customer Voice data before its scheduled expiry. These org-scoped operator endpoints authenticate with a bearer token — the same scheme as the GDPR deletion cascade. The request shapes are shown below. Delete all Customer Voice submissions for an org:
DELETE /v1/orgs/{org_id}/customer-voice
Authorization: Bearer $TOKEN
Delete a single submission:
DELETE /v1/orgs/{org_id}/customer-voice/{submission_id}
Authorization: Bearer $TOKEN
Both endpoints return 202 Accepted. The deletion cascade completes within 5 minutes (p99).

Configuring retention

Retention is managed through the org-scoped Customer Voice settings endpoint, which authenticates with a bearer token. Check the current retention setting for an org:
GET /v1/orgs/{org_id}/customer-voice/settings
Authorization: Bearer $TOKEN
Set extended retention (Pro opt-in / Enterprise):
PATCH /v1/orgs/{org_id}/customer-voice/settings
Authorization: Bearer $TOKEN
Content-Type: application/json

{"retention_days": 180}
Restore standard retention:
PATCH /v1/orgs/{org_id}/customer-voice/settings
Authorization: Bearer $TOKEN
Content-Type: application/json

{"retention_days": 90}
Reducing retention_days from 180 to 90 schedules immediate deletion of all records older than 90 days. The next scheduled deletion run (within 24 hours) will permanently remove those records. This action is irreversible.

Audit trail

Every deletion — scheduled or on-request — is recorded in the org governance audit log:
Audit fieldValue
event_typecustomer_voice.record_deleted (single) or customer_voice.bulk_deleted (org-wide)
submission_idThe deleted record’s ID (omitted for bulk)
record_countNumber of records deleted (bulk only)
deletion_reasonretention_expiry, operator_request, or subject_request
org_idThe org that owned the records
deleted_atISO 8601 timestamp
Query the audit log:
curl -H "Authorization: Bearer $TOKEN" \
  "https://api.mnemom.ai/v1/orgs/{org_id}/audit-log?event_type=customer_voice.record_deleted"
The audit log entry serves as the GDPR Article 30 record of processing for the deletion and is available to data protection officers conducting compliance reviews.

Plan availability

Planretention_days defaultMaximumConfigurable
Free9090No
Starter9090No
Pro90180Yes (opt-in)
Enterprise180180Yes (can be reduced to 90)