Data Deletion

Effective date: 15 June 2026 · Last updated: 15 June 2026

This page explains how to delete personal data and account data held by OSYNK AI S.R.L. ("Osynk", "we", "us"), what we delete, what we are required to keep, and how long each step takes. You can request deletion at any time, at no cost, from anywhere in the world. The "Last updated" date shown above reflects the most recent revision of this page.

1. How to request deletion

To request deletion of your personal data or to close and delete an account, email us at contact@osynk.ai with your request. To help us locate the right records and verify the request, please include the email address associated with the data, the workspace or account name where applicable, and a short description of what you want deleted. We may ask for additional information to confirm your identity before we act, so that we do not disclose or delete data at the request of the wrong person.

Deletion can be requested at any time, costs nothing, and is available to data subjects regardless of where they are located. We honour valid deletion requests within one month of receiving them. Where a request is complex, or where we have received a large number of requests, we may extend this period by up to two further months; if we do, we will inform you of the extension and the reasons for the delay within the first month after receiving your request. This timeline is subject to the statutory-retention exceptions described in section 5.

2. Account and workspace deletion: what we delete

Each customer's workspace is isolated in its own database schema. When an account is deleted, we carry out a full teardown of that workspace, which removes:

• The workspace's database schema, dropped in full, including all CRM records, contacts, leads, deals, appointments, knowledge-base content, conversation data, and other tenant data stored in it.
• The landlord-level routing records that map the workspace to its schema, so that the workspace can no longer be resolved or accessed.
• The workspace's stored files and media, purged from object storage.
• The workspace's cached and queued data held in our in-memory store (Redis), scrubbed as part of the teardown.

After this teardown, the deleted workspace and its content are no longer accessible through the Service.

3. What we are required to keep after deletion

A small set of records survives an account deletion because the law requires us to keep them or because they are necessary to defend a specific legal claim. These are limited to:

• Statutory accounting and tax records. Supporting accounting documents, invoices, and the financial records Romanian law requires us to retain, for the periods set out in section 5.
• Copies inside encrypted backups. Backups are kept on a rolling basis and persist until backup rotation completes, as described in section 4.

These retained records are minimised to what the relevant obligation requires and are not used for any purpose other than the one that justifies keeping them.

4. Soft deletion, hard deletion, and backups

When you delete data inside the application, the record is marked deleted immediately and hidden from the Service. A permanent purge of the underlying data then follows on the schedules below. For files placed in the CRM trash, the purge runs 30 days after the file is trashed.

Default permanent-deletion windows for in-product data:

• CRM records and customer content. Until you delete them or the account is closed; soft-deleted first, then purged. CRM trash files are purged after 30 days.
• Inbound lead and webhook events. 6 months, then pruned.
• Meta event-matching data. Raw identifiers are redacted after 7 days by default; event rows persist without the raw identifiers.
• Audit logs and change history. 24 months by default.
• Outbound email logs. 365 days by default. Message bodies are never stored; we keep only integrity hashes and metadata.
• Public-form temporary uploads. 24 hours if the form is abandoned.
• Backups. 30 days on a rolling basis.

Copies of deleted data can remain inside our encrypted backups until backup rotation completes, which takes up to 30 days. After rotation, the deleted data is unrecoverable. This backup lag is the reason a request honoured within 30 days may still leave a residual copy in a backup that is purged shortly afterwards.

5. Statutory retention exceptions

Where Romanian law requires us to retain records, we keep them for the period the law prescribes, even after an account is deleted:

• Supporting accounting documents and registers, including invoices. Kept for 5 years, counted from 1 July of the year following the financial year to which they relate (Law 82/1991, Article 25, as amended by Law 36/2023). Invoices relating to capital goods are kept longer, to cover the applicable VAT-adjustment periods.
• Annual financial statements. Kept for 10 years.
• Fiscal limitation period. 5 years, counted from 1 July of the year following the year in which the tax claim arose, and 10 years where the claim results from a criminal act, counted from the date of the act (Law 207/2015, Article 110).
• Civil claims under a contract. The general civil limitation period is 3 years (Civil Code, Article 2517); contract records are kept for the term of the contract plus the limitation period.

Separately, where we need to retain records to establish, exercise, or defend a legal claim under Article 17(3)(e) GDPR, we limit that retention to the records reasonably necessary for identified or reasonably anticipated proceedings, and we assess each category individually rather than retaining data on a blanket basis.

6. End users of a customer's workspace

If you are an individual whose data was collected by one of our customers (for example, you submitted a form, booked an appointment, or chatted with the Anya assistant on a customer's website), that customer is the controller of your data and Osynk acts as its processor. Please direct your deletion request to that customer first, as the controller is responsible for deciding on and actioning the request.

As a technology provider acting for our business customers, where we receive a data-subject-rights request that concerns data we process on a customer's behalf, we relay that request to the relevant customer so they can action it, and we assist the customer in carrying it out. If you are not sure which customer holds your data, write to contact@osynk.ai and we will help route your request.

7. Deleting Meta Lead Ads data

The following instructions apply when the Meta Lead Ads feature ships. They describe how a customer removes lead data imported from Meta once that integration is available:

• Disconnect the Meta integration from your workspace settings. This stops all further lead import and removes the stored Meta access token from Osynk; lead records already imported into your CRM are not affected by disconnecting and remain until you delete them (see the next item).
• Delete the imported lead records in your CRM; standard CRM deletion and trash purge then apply (section 4).
• Raw webhook payloads received from Meta are purged automatically after 90 days, after which only the processing record (status, identifiers, and timestamps) is kept, without the raw lead content.
• Deauthorising the Osynk app from your Facebook Business settings triggers Meta's deauthorise and data-deletion callbacks, which Osynk processes.
• For anything residual, contact contact@osynk.ai; as with every deletion request, this is honoured at any time and at no cost.

8. Related pages

For how long we keep personal data generally and the legal bases for processing, see our Privacy Statement. Our full company registration and legal details are published in the site footer.

9. Contact

Deletion requests and any questions about this page: contact@osynk.ai.