Data Deletion & Retention Policy
Effective Date: February 3, 2026 Last Updated: February 3, 2026
1. Introduction
This Data Deletion & Retention Policy explains how Otter Mate Inc. (“OtterMate,” “we,” “us,” or “our”) handles data retention and deletion requests. This policy is part of our commitment to transparency and compliance with privacy regulations including GDPR, CCPA, and platform requirements.
This policy should be read alongside our Privacy Policy and Terms of Service.
2. Your Right to Delete Your Data
You have the right to request deletion of your personal data at any time. This right is protected under:
- GDPR Article 17 (EU/EEA residents): “Right to Erasure” or “Right to be Forgotten”
- CCPA/CPRA (California residents): “Right to Delete”
- Various U.S. state laws (Virginia, Colorado, Connecticut, Texas, etc.)
- Platform requirements (Meta, LinkedIn, etc.)
3. How to Request Data Deletion
3.1 Self-Service Deletion (Recommended)
The fastest way to delete your data is through your account settings:
- Log in to your OtterMate account
- Navigate to Settings → Privacy → Delete My Account
- Confirm your identity (password or email verification)
- Select what data to delete:
- Delete Account & All Data (complete deletion)
- Delete Specific Data (selective deletion)
- Confirm your request
3.2 Email Request
You may also request deletion by email:
Email: c.bowden@ottermate.ai Subject Line: Data Deletion Request
Include:
- Your account email address
- Whether you want complete or selective deletion
- Verification information (last 4 digits of payment method, or answer to security question)
3.3 Written Request
Mail: Otter Mate Inc. Attn: Data Deletion Request 27650 MESABE Drive Magnolia, Texas 77354 United States
4. What Gets Deleted
4.1 Complete Account Deletion
When you request complete deletion, we delete:
| Data Category | What’s Deleted |
|---|---|
| Account Information | Name, email, phone, password, company info |
| Social Media Connections | OAuth tokens, access credentials |
| Scraped Business Data | Website content, images, PDFs, markdown files |
| Generated Content | AI-generated posts, strategies, captions |
| Scheduled Posts | All pending scheduled posts (cancelled) |
| Analytics Data | Usage history, feature usage logs |
| Preferences | Settings, configurations, preferences |
4.2 Selective Deletion
You may request deletion of specific data types:
- Disconnect a social account (removes tokens and associated data)
- Delete scraped content (removes business website data)
- Delete generated content (removes AI-generated materials)
- Delete posting history (removes records of published posts)
4.3 Data We Cannot Delete
Certain data may be retained as required by law or legitimate business interests:
| Data Type | Retention Reason | Retention Period |
|---|---|---|
| Transaction records | Tax and accounting laws | 7 years |
| Fraud/abuse records | Legal protection, investigation | 3 years |
| Anonymized analytics | Product improvement | Indefinitely |
| Legal holds | Pending litigation or legal process | Duration of hold |
| Communication records | Customer support, legal compliance | 2 years |
5. Deletion Timeline
5.1 Standard Deletion
| Stage | Timeline |
|---|---|
| Request received | Immediate confirmation email |
| Verification | Within 24 hours |
| Primary deletion | Within 30 days |
| Backup purge | Within 90 days |
| Completion notice | Email upon completion |
5.2 Expedited Deletion
For urgent requests (e.g., security concerns), we may expedite deletion. Contact us at c.bowden@ottermate.ai with “URGENT” in the subject line.
6. Platform Data Deletion Callbacks
6.1 Meta (Facebook/Instagram) Data Deletion
When you remove OtterMate from your Facebook account settings, Meta sends us a data deletion callback request. We process these requests automatically.
How it works:
- You go to Facebook Settings → Apps and Websites
- You remove OtterMate from your connected apps
- Facebook sends a signed request to our callback URL
- We verify the request and queue your data for deletion
- We return a confirmation code and status URL
- Your data is deleted within 30 days
Status Check:
After initiating deletion through Facebook, you can check the status at:
https://ottermate.ai/deletion-status?id=[confirmation_code]
6.2 Other Platform Callbacks
We process data deletion callbacks from other platforms as they implement them:
| Platform | Callback Support | Status |
|---|---|---|
| Supported | Active | |
| Google/YouTube | Supported | Active |
| TikTok | Supported | Active |
| Supported | Active | |
| Bluesky | Manual process | Active |
7. Data Retention Periods
We retain different types of data for different periods based on necessity and legal requirements.
7.1 Active Account Data
While your account is active:
| Data Type | Retention |
|---|---|
| Account information | Until you delete or modify |
| Social media tokens | Until you disconnect |
| Scraped content | Until you delete or account closes |
| Generated content | Until you delete or account closes |
| Analytics | 2 years rolling |
7.2 Post-Cancellation Retention
If you cancel your subscription but don’t delete your account:
| Data Type | Retention | Reason |
|---|---|---|
| Account info | 1 year | Allow reactivation |
| Content | 90 days | Recovery period |
| Tokens | Revoked immediately | Security |
7.3 Post-Deletion Retention
After you request deletion:
| Data Type | Retention | Reason |
|---|---|---|
| Most personal data | 0 days (deleted) | Your request |
| Transaction records | 7 years | Tax compliance |
| Abuse records | 3 years | Fraud prevention |
| Anonymized data | Indefinitely | Aggregate analytics |
| Backups | Up to 90 days | Technical process |
7.4 Inactive Account Handling
Accounts with no activity for 24 months may be:
- Notified of pending deletion (60-day notice)
- Deleted if no response
8. Data Export (Portability)
8.1 Your Right to Data Portability
Under GDPR Article 20 and similar laws, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
8.2 How to Export Your Data
- Log in to your OtterMate account
- Navigate to Settings → Privacy → Export My Data
- Select the data categories to export
- Click “Generate Export”
- Download the ZIP file when ready (typically within 24 hours)
8.3 Export Format
Your data export includes:
ottermate_export_[date].zip
├── account.json # Account information
├── social_connections.json # Connected accounts (no tokens)
├── scraped_content/
│ ├── website_data.json # Scraped business info
│ ├── images/ # Downloaded images
│ └── documents/ # Downloaded PDFs
├── generated_content/
│ ├── posts.json # All generated posts
│ └── strategies.json # Marketing strategies
├── posting_history.json # Published post records
├── analytics.json # Usage data
└── preferences.json # Settings and preferences8.4 What’s Not Included
- OAuth tokens (security reasons)
- Internal system logs
- Data from third-party platforms (request from them directly)
9. Third-Party Data
9.1 Content Posted to Social Platforms
When you post content through OtterMate to social media platforms:
- That content is governed by each platform’s policies
- Deleting from OtterMate does not delete from social platforms
- You must delete from each platform separately
9.2 Data Shared with AI Providers
Data sent to AI providers (Anthropic, Google, OpenAI) for processing:
- Is transmitted temporarily for processing
- Is not retained by these providers under our enterprise agreements
- Cannot be “deleted” as it is not stored by them
9.3 Data with Other Service Providers
| Provider | Data Deletion |
|---|---|
| Stripe | Contact Stripe directly for payment data |
| Vercel | Deleted with account |
| Google Analytics | Anonymized, not deletable |
10. Verification Process
To protect against unauthorized deletion requests, we verify your identity:
10.1 Self-Service Verification
- Password confirmation, or
- Email verification link, or
- Two-factor authentication
10.2 Email/Mail Request Verification
We may ask for:
- Account email address
- Last 4 digits of payment method
- Answer to security question
- Government ID (for high-risk requests)
10.3 Authorized Agent Requests
If you use an authorized agent to submit a deletion request:
- The agent must provide signed authorization from you
- We may contact you directly to verify
- Agents cannot verify on your behalf
11. Appeal Process
If you believe your deletion request was improperly denied:
- Email c.bowden@ottermate.ai with subject “Deletion Appeal”
- Explain why you believe the denial was incorrect
- We will respond within 14 days
- You may escalate to your local data protection authority
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via:
- Email notification to account holders
- Prominent notice on our website
- At least 30 days before changes take effect
13. Contact Us
For deletion requests: Email: c.bowden@ottermate.ai Subject: Data Deletion Request
For questions about this policy: Otter Mate Inc. 27650 MESABE Drive Magnolia, Texas 77354 United States Email: c.bowden@ottermate.ai
14. Technical Implementation Reference
This section is for internal reference and developer implementation.
14.1 Meta Data Deletion Callback Specification
Endpoint: POST /api/facebook/data-deletion
Request from Meta:
signed_request=[encoded_signed_request]Required Response:
{
"url": "https://ottermate.ai/deletion-status?id=abc123",
"confirmation_code": "abc123"
}Status Check Endpoint: GET /deletion-status?id=[confirmation_code]
Status Response:
{
"status": "completed", // or "pending", "in_progress"
"deletion_date": "2026-02-15T00:00:00Z"
}14.2 LinkedIn Data Deletion Callback Specification
LinkedIn requires apps to provide a data deletion endpoint for user data removal requests.
Endpoint: POST /api/linkedin/data-deletion
Request Headers:
Content-Type: application/json
X-LinkedIn-Signature: [HMAC-SHA256 signature]Request Body:
{
"member_id": "urn:li:person:ABC123",
"timestamp": 1706892000000,
"event_type": "MEMBER_DATA_DELETION_REQUEST"
}Required Response (200 OK):
{
"status": "acknowledged",
"deletion_id": "del_abc123"
}Verification: Validate the X-LinkedIn-Signature using your client secret and HMAC-SHA256.
14.3 Google/YouTube Data Deletion Callback Specification
Google provides a Data Deletion Request notification when users revoke access.
Endpoint: POST /api/google/data-deletion
Request (via Pub/Sub or webhook):
{
"kind": "api#channel",
"resourceId": "user-resource-id",
"resourceUri": "https://www.googleapis.com/oauth2/v3/userinfo",
"token": "deletion-request-token",
"expiration": 1706892000000
}Required Response (200 OK):
{
"status": "acknowledged"
}Note: Google also requires implementing the token revocation check via https://oauth2.googleapis.com/revoke endpoint.
14.4 TikTok Data Deletion Callback Specification
TikTok requires a callback URL for data deletion requests under their Login Kit.
Endpoint: POST /api/tiktok/data-deletion
Request Body:
{
"user_id": "tiktok_user_open_id",
"app_id": "your_app_id",
"timestamp": 1706892000,
"signature": "[HMAC signature]"
}Required Response (200 OK):
{
"data": {
"receipt_id": "del_tiktok_abc123",
"status": "success"
},
"error": {
"code": 0,
"message": ""
}
}Verification: Validate signature using your app secret key.
14.5 Pinterest Data Deletion Callback Specification
Pinterest requires apps to handle user data removal when access is revoked.
Endpoint: POST /api/pinterest/data-deletion
Request Headers:
Content-Type: application/json
X-Pinterest-Signature: [signature]Request Body:
{
"user_id": "pinterest_user_id",
"action": "data_deletion",
"timestamp": "2026-02-03T12:00:00Z"
}Required Response (200 OK):
{
"status": "received",
"confirmation_code": "del_pin_abc123"
}14.6 Bluesky Data Deletion (Manual Process)
Bluesky uses the AT Protocol and does not currently provide automated data deletion callbacks.
Process:
- User revokes app password or disconnects in Bluesky settings
- Our system detects token invalidity on next sync attempt
- We automatically queue local data for deletion
- Data is removed within 30 days
User-Initiated: Users can also request deletion through our standard deletion process (Section 3).
14.7 Implementation Checklist
Data Deletion Endpoints:
- Build
/api/facebook/data-deletionendpoint - Build
/api/linkedin/data-deletionendpoint - Build
/api/google/data-deletionendpoint - Build
/api/tiktok/data-deletionendpoint - Build
/api/pinterest/data-deletionendpoint
Core Infrastructure:
- Implement signed request verification (per platform)
- Create unified deletion queue system
- Build status check endpoint (
/deletion-status) - Implement self-service deletion UI
- Build data export functionality
- Set up deletion notification emails
- Configure backup purge schedule
Document Version: 1.0 Approved By: Chandler Bowden Next Review Date: February 3, 2027
Questions? Email support@ottermate.ai.
← Back to home