Last Updated on June 10, 2025
27.1 Account Deletion by User
Users may request permanent account deletion through in-app settings or by emailing support@chariotreport.com.
27.2 Manual Verification Required
For deletion requests involving uploaded content, Chariot may require email confirmation or identity validation to prevent fraudulent wipes.
27.3 Deletion Is Irreversible
Account deletion is final. Deleted data cannot be restored once processed through the purge pipeline.
27.4 What Is Deleted
When your account is deleted, we remove:
Your email, profile data, preferences
Uploaded images, PDFs, contracts
Chat sessions and prompt history
Purchase and usage logs (unless required for finance/tax retention)
27.5 Partial Deletion Requests
You may request deletion of specific chats, reports, or file uploads without deleting your entire account. This is processed within 7–14 business days.
27.6 Third-Party Access Post-Deletion
If your content was routed through OpenAI, Supabase, or other providers, deletion from Chariot may not guarantee deletion from third-party logs.
27.7 Deletion from Backups
Exports are provided in JSON or CSV, zipped and encrypted. Some components (e.g., PDF reports) may be included as attachments.
27.8 Export Request Process
Exports are provided in JSON or CSV, zipped and encrypted. Some components (e.g., PDF reports) may be included as attachments.
27.9 Format of Export
Exports are provided in JSON or CSV, zipped and encrypted. Some components (e.g., PDF reports) may be included as attachments.
27.10 Export Timing
Export requests are processed within 30 days. Complex accounts or high-volume usage may take longer.
27.11 Export Limitations
We do not export system logs, internal analytics, error reports, or anonymized aggregates used for product improvement.
27.12 Verified Ownership
Export delivery is only made to the email address on file after user verification.
27.13 Trial Accounts Excluded
Trial or guest accounts that never completed signup are not eligible for full exports.
27.14 Geographic Storage Scope
Chariot’s infrastructure stores data in the United States, primarily via Supabase and Railway-hosted environments. Some AI vendors may use EU or global distribution.
27.15 Residency Preferences Not Supported
We currently do not support region-locked residency preferences (e.g., “EU-only storage”) unless required by applicable law.
27.16 Cross-Border Transfers
By using Chariot, you consent to your data being transferred to and processed in countries outside your own jurisdiction.
27.17 Lawful Basis for Transfers
Transfers are protected via:
Standard Contractual Clauses (SCCs)
Data Processing Agreements (DPAs)
Vendor compliance with ISO 27001/SOC2 standards
27.18 Canadian & Brazilian Residency Requests
PIPEDA (Canada) and LGPD (Brazil) requests for data residency may be honored on a case-by-case basis pending infrastructure review.
27.19 Indian & South Korean Local Storage Laws
We do not currently localize data in India or South Korea. Users in these regions consent to offshore processing under our global policy.
27.20 Chinese Users
Chariot is not offered in China. Use of VPN to access the app is against our terms and voids any residency claims.
27.21 Chat History Retention
Chats are stored for:
30 days for free/weekly plans
90 days for monthly plans
1 year for annual plans
27.22 Uploaded Images/PDFs
Media files are retained:
7–30 days for weekly/monthly users
90 days for report purchases
1 year for Annual plan subscribers
27.23 Report Access Expiry
Access to generated reports expires:
90 days after purchase (unless Annual subscriber)
Immediately after refund, deletion, or ban
27.24 System Logs
Internal logs may be retained indefinitely in anonymized format for abuse detection, analytics, and system performance auditing.
27.25 Legal Hold
Data under legal investigation, subpoena, or dispute may be retained regardless of user deletion requests until cleared.
27.26 Encryption Standards
All user data is encrypted at rest and in transit using modern cryptographic standards (AES-256, TLS 1.3).
27.27 Data Portability Under GDPR/CCPA
We comply with GDPR Article 20 and CCPA Section 1798.100–1798.130 for data access and portability upon verified request.
27.28 Dormant Account Cleanup
Accounts inactive for 18+ months may be deleted with 30-day email notice if unresponsive.
27.29 Deletion for Abuse or Fraud
We may proactively delete data from accounts found to be engaged in abuse, fraud, or violation of Section 20 or 11.
27.30 Clause Survival
All retention, export, and deletion terms persist beyond account cancellation or platform discontinuation.
Contact Us
If you have any questions or concerns about our Terms of Service or the handling of your personal information, please contact us at support@chariotreport.com