Innate — operated by Lotus Audaz, Lda

Effective date: 28 April 2026

Last updated: 28 April 2026

Contact: hello@innate.love


1. Purpose

This Data Retention Policy sets out how long Lotus Audaz, Lda ("we", "us") retains personal data collected through the Innate mobile application, and the processes by which data is securely deleted or anonymised when it is no longer needed.

This policy supports our compliance with:

  • GDPR Article 5(1)(e) — the storage limitation principle (data kept no longer than necessary)
  • GDPR Article 17 — the right to erasure
  • UK GDPR as incorporated by the Data Protection Act 2018 — for users in the United Kingdom
  • CCPA/CPRA — data minimisation and deletion obligations
  • Portuguese Lei n.º 58/2019

2. General Principles

We apply the following principles to all data we hold:

  • Minimisation — we only collect data that is necessary for the stated purpose.
  • Limited retention — data is kept only for as long as required to fulfil the purpose for which it was collected, or as required by law.
  • Secure deletion — when retention periods expire, data is securely and permanently deleted or irreversibly anonymised.
  • User control — users may request deletion of their data at any time, subject to legal and contractual exceptions.

3. Retention Schedule

3.1 Account and Profile Data

| Data Item | Retention Period | Basis |
| --- | --- | --- |
| Name (first, last) | Duration of account + 30 days after deletion | Contract |
| Email address | Duration of account + 30 days after deletion | Contract |
| Hashed password | Duration of account + 30 days after deletion | Contract |
| Profile avatar image | Duration of account + 30 days after deletion | Contract |
| Account preferences | Duration of account + 30 days after deletion | Contract |

3.2 Video Recordings and Emotional Data

Special Category Data

| Data Item | Retention Period | Basis |
| --- | --- | --- |
| Video recording files (S3) | Duration of account + 30 days after deletion | Consent |
| Audio transcripts | Duration of account + 30 days after deletion | Consent |
| Rekognition facial analysis output | Duration of account + 30 days after deletion | Consent |
| AI-classified emotions (Bedrock) | Duration of account + 30 days after deletion | Consent |
| Self-selected emotions and intensities | Duration of account + 30 days after deletion | Consent |
| Life tags and contextual labels | Duration of account + 30 days after deletion | Consent |

3.3 Community and Social Data

| Data Item | Retention Period | Basis |
| --- | --- | --- |
| Challenge enrollments and responses | Duration of account + 30 days after deletion | Contract |
| Community replies | Duration of account + 30 days after deletion | Contract |
| Shared community content | Duration of account + 30 days after deletion | Contract |

3.4 Authentication and Session Data

| Data Item | Retention Period | Basis |
| --- | --- | --- |
| Session access tokens | 15 minutes (auto-expiry) | Contract |
| Refresh tokens | 7 days (auto-expiry) | Contract |
| Google OAuth tokens | Session duration only | Consent |
| Push notification device tokens | Duration of account | Consent |

3.5 Technical and Operational Data

| Data Item | Retention Period | Basis |
| --- | --- | --- |
| Server logs (AWS CloudWatch) | 1 year | Legitimate interests |
| Error and crash reports (Sentry) | 90 days | Legitimate interests |
| Application performance metrics | 1 year | Legitimate interests |
| AWS SQS dead letter queue messages | 14 days | Legitimate interests |
| ECR container images | Last 50 images only (rolling) | Legitimate interests |

3.6 Anonymised and Aggregated Data

Anonymised or aggregated data that cannot reasonably be used to identify any individual (e.g. aggregate emotion trend statistics, anonymised usage patterns) may be retained indefinitely for product improvement and research purposes. This data is not subject to the retention periods above because it no longer constitutes personal data.

4. Account Deletion Process

When a user deletes their account — either from within the App or by submitting a request to hello@innate.love:

  • Immediate: The account is deactivated and access is revoked.
  • Within 30 days: All personal data listed in Section 3 is permanently deleted from our primary database (AWS RDS PostgreSQL) and file storage (AWS S3), including: video recording files, audio transcripts, AI analysis results, profile information, and push notification tokens.
  • Within 90 days: Residual references in backup snapshots are overwritten as part of the regular backup rotation cycle.
  • Retained (anonymised only): Aggregated statistical data that cannot be linked to the individual user may be retained.
  • Retained (legal obligation): Where we are required by law to retain specific data (e.g. for tax, fraud prevention, or legal proceedings), we will retain only the minimum data required and for only as long as legally mandated.

Users in the EU/EEA and the United Kingdom may also exercise the Right to Erasure under GDPR / UK GDPR Article 17 by contacting hello@innate.love.

5. Data Export (Portability)

Users may request a copy of all personal data we hold about them. Upon receiving a verified request:

  • We will compile and deliver the data within 30 days
  • Data will be provided in a structured, commonly used, machine-readable format (JSON or CSV)
  • Delivery will be via secure email or in-app download

To request your data, contact hello@innate.love with the subject line "Data Export Request".

6. Third-Party Processor Retention

We require all third-party processors to adhere to retention periods consistent with this policy:

| Processor | Data Retained | Their Retention Policy |
| --- | --- | --- |
| AWS | All hosted data | Deleted on our instruction; CloudWatch logs: 1 year as configured by us |
| Sentry | Crash/error reports | 90 days (configured by us) |
| Google | OAuth tokens | Session-based; governed by Google's Privacy Policy |
| Expo | Push tokens | Retained until unregistered or account deleted |

7. Backup and Recovery

AWS RDS automatic backups are retained for 7 days by default. After an account deletion request is processed, that user's data will be excluded from active systems immediately; residual presence in encrypted backups will be eliminated within the 7-day backup rotation window.

Backups are encrypted at rest using AWS managed encryption keys and are accessible only by authorised Lotus Audaz personnel.

8. Special Category Data — Additional Safeguards

Video recordings, facial analysis data, audio transcripts, and emotional health data are classified as special category data under GDPR and UK GDPR. In addition to the retention periods above, we apply the following safeguards:

  • Access to special category data is restricted to authorised systems and personnel only.
  • Special category data is never used for advertising, profiling unrelated to the Service, or shared with third parties beyond those listed in our Privacy Policy.
  • AI processing outputs (emotion classifications) are used only to provide the Service to the individual user and are not used to build external profiles or scores.
  • Upon withdrawal of AI processing consent, no further special category data will be generated from that point forward.

9. Review of This Policy

This Data Retention Policy will be reviewed at least annually or whenever there is a material change to our data processing activities, applicable law, or technology stack.

10. Contact

For questions about this policy or to make a data deletion or export request:

Data Controller

Lotus Audaz, Lda

Rua Cândido dos Reis 112

8600-681 Lagos, Portugal

hello@innate.love

EU Supervisory Authority

CNPD

Comissão Nacional de Proteção de Dados

www.cnpd.pt

UK Supervisory Authority

ICO

Information Commissioner's Office

www.ico.org.uk