Data Deletion Policy: Agentcy Application
Applies to: app.agentcymarketing.co and the Agentcy application
Last updated: May 16, 2026
Contact for deletion requests: [email protected]
In-app deletion: Settings → Account → Delete account / Delete workspace
This policy explains how Agentcy handles deletion of data inside the Agentcy application — your account, your workspaces, your brands, and everything connected to them. For data collected on our public marketing pages, see the Marketing Website Data Deletion Policy.
1. What data lives in the app
Agentcy stores the following categories of data on your behalf. All of it is associated with either your user account or one or more workspaces you are a member of.
1.1 Account data. Managed by our authentication provider (Clerk). Includes your email, name, hashed password (we never see it in plaintext), authentication factors, session metadata, and timestamps.
1.2 Workspace and team data. Workspace name, type (solo or agency), subscription tier, team members, roles, invitations, billing customer ID, and model configuration.
1.3 Brand data. For each brand you manage: brand kit (voice, tone, mission, personas, colors, typography, content pillars), client brief (goals, budget, competitors, timeline), strategies, plans, campaigns, content drafts, approved content, generated assets, and the brand’s full conversation history with the orchestrator agent.
1.4 AI memory. Vector embeddings of past interactions stored in pgvector inside Supabase. Used to give the orchestrator long-term context on each brand. Always scoped to a single brand.
1.5 Platform integration tokens. When you connect Google Ads, Meta, Mailchimp, Shopify, etc., we store OAuth access and refresh tokens encrypted with AES-256 in Supabase Vault. We never store the platform passwords themselves.
1.6 Platform data we read. When you connect a platform, we read campaign metrics, content, customers, orders, and other platform data into Agentcy so the orchestrator can reason over it. This data is stored under your workspace.
1.7 Files. Uploaded brand assets, generated images, exported reports, and other files in Supabase Storage. Encrypted at rest, accessible only via signed URLs.
1.8 Billing data. Customer record, subscription state, invoices, and payment method references. Managed by Stripe — we never see your card number.
1.9 Audit logs. A record of significant actions (logins, approvals, integration connects, billing events) for security and compliance.
1.10 Landing-page submissions. If you publish landing pages through Agentcy, the submissions are stored under your brand and may also be pushed to any CRM you’ve connected.
2. The deletion model
Agentcy uses a soft-delete-then-hard-delete model on every deletable record.
- Soft delete (immediate). When you delete a brand, workspace, or account, the record is marked with a
deleted_attimestamp and is immediately invisible across the app — you cannot see it, members cannot see it, the orchestrator cannot read it, and it is excluded from all reports and exports. - Hard delete (within 30 days). A nightly job permanently removes any record whose
deleted_atis older than 30 days. After hard deletion, the data cannot be recovered.
The 30-day window exists so accidental deletions can be reversed by emailing [email protected]. After the window closes, we can no longer recover the data, even at your request.
3. What you can delete yourself
Every customer has self-serve controls. No support ticket required.
| You can delete | Where | What happens |
| A single brand | Brand settings → Delete brand | Brand, brand kit, strategies, plans, campaigns, content, AI memory, files, and connections for that brand are soft-deleted. |
| A workspace you own | Workspace settings → Delete workspace | All brands inside it are soft-deleted; team members lose access immediately; billing is canceled at end of current period. |
| Your entire account | Account → Delete account (or DELETE /api/account) | You are removed from every workspace where you are a member. Workspaces you own are soft-deleted. Your Clerk identity is purged. |
| A single platform connection | Brand → Integrations → Disconnect | OAuth tokens are deleted from our database; we attempt to revoke them with the upstream platform. Historical data read from that platform under that brand remains until you delete the brand. |
| A specific file | Files → Delete | Removed from Supabase Storage within 24 hours. |
| A conversation thread | Conversation → Delete | Removed; associated vector memories for that brand are recomputed on next use. |
All in-app deletions follow the same 30-day soft-delete window described in Section 2.
4. What you must email us to delete
A few things are not exposed as self-serve buttons today. To delete any of these, email [email protected]:
- Old workspaces you were once a member of but no longer have access to
- Specific historical audit log entries (we will delete only what’s permissible — see Section 6)
- Backup copies older than the standard 30-day window (only if technically possible)
- Anything you can’t reach because your account is locked or billing is past-due
We respond within 3 business days and complete the deletion within 30 days of confirming your identity.
5. What happens to other people’s data in your workspace
If you delete a workspace, you also affect the data of team members and (where applicable) the brands’ customers whose data you imported. We do not require those individuals to consent through us — but you are responsible for the contractual and legal basis on which you collected and now delete that data.
- Team members lose access immediately on workspace deletion. Their personal user accounts are not deleted (they may belong to other workspaces).
- Landing-page submissions are deleted along with the brand they belong to. If you have synced them to a CRM (HubSpot, Salesforce, Pipedrive, Close), the copies in those CRMs are not deleted by Agentcy — you must delete them in the CRM itself.
- Platform data we read (e.g., Meta Ads campaigns, Shopify orders) is deleted from our database. The original copies in the platform itself are unaffected.
6. Data we are required to keep
A small set of records is retained even after a deletion request, because law or platform policy requires it:
| Data | Retention | Reason |
| Billing invoices and payment records | 7 years | Tax and accounting law |
| Audit log entries tied to security incidents | Up to 7 years | Incident response, fraud investigation, legal obligations |
| Suppression-list entry (hashed email) | Indefinite | So we don’t accidentally re-onboard you from a future import |
| Anonymized, aggregated usage metrics | Indefinite | Product analytics — cannot be linked back to you |
Where we retain data under this section, it is minimized to what the obligation actually requires, isolated from active product systems, and accessible only to a small operations group.
7. Subprocessors and downstream propagation
Agentcy uses the following subprocessors to operate the app. When you delete data, we propagate the deletion to each one in scope:
| Subprocessor | Purpose | What we instruct on deletion |
| Clerk | Authentication, sessions | Delete user identity on account deletion |
| Supabase | Database, file, storage, vector store | Hard-delete records after 30-day window |
| Stripe | Billing, payments | Customer record retained per tax law; subscription canceled |
| Vercel | App hosting, edge logs | Logs age out per Vercel’s 30-day retention |
| Upstash | Rate-limit state | TTL-based— expires within hours |
| Resent | Transactional email | Suppression-list entry retained |
| Anthropic | AI model calls | API calls are not used for training; no Anthropic-side retention beyond standard log windows |
| OpenRouter | AI model routing for non-Anthropic models | No-training header passed by default |
| Connected platforms (Google, Meta, Shopify, etc.) | Platform integrations | OAuth tokens revoked; data we previously read is deleted from our side. Platform-side data is not affected by us. |
8. Backups
Encrypted database backups are retained for up to 35 days by our hosting provider. Soft-deleted records age out of backups along the same rolling window. We will not restore a backup solely to preserve data marked for deletion, and we will not reach into backups to selectively delete a single record. If you want absolute confirmation that no copy of your data remains anywhere, allow up to 65 days from your deletion request: 30 days for the soft-delete window plus up to 35 days for the oldest backup to roll off.
9. Export before you delete
Before deleting, you can export your data in standard formats:
- Brand kit, strategy, plan, and content calendar as JSON or PDF
- Performance and reporting data as CSV
- Conversation history as JSON
Export is available in Settings → Export, or via GET /api/workspaces/{id}/export. There is no extra charge for export, and you can run it whether or not you intend to delete afterward.
10. Regional rights
If you are subject to GDPR, UK GDPR, CCPA / CPRA, or another regional data-protection regime, you have additional rights including access, portability, correction, restriction, and the right to lodge a complaint with a supervisory authority. To exercise any of these, email [email protected] with your request. We respond within the statutory window for your jurisdiction.
EU and UK customers may also designate an authorized agent to make a request on their behalf. We will verify the agent’s authorization before acting.
11. Reactivation after soft delete
Within the 30-day soft-delete window:
- Account. You can sign up again with the same email — we’ll detect the pending deletion and ask whether to reactivate or proceed with a fresh account.
- Workspace or brand. Email [email protected] with the workspace or brand name; we can restore it if it hasn’t yet hard-deleted.
After 30 days, restoration is not possible.
12. Security incidents
If a deletion request is part of a suspected security incident on your account (e.g., you believe someone else triggered it), tell us immediately at [email protected] and we will pause the deletion timer while we investigate.
13. Changes to this policy
We will update the “Last updated” date when this policy materially changes. Significant changes (for example, a new subprocessor that handles personal data) will be communicated by email to workspace owners at least 30 days before they take effect.
14. Contact
Agentcy, LLC
[email protected] — privacy and deletion requests
This document is operational policy, not legal advice. It should be reviewed by your counsel before publication.