conversion legal·public preview

Data Retention

Retention is described by category because exact periods depend on account configuration, product settings, legal obligations, and provider behavior. This page explains how Ethen approaches retention, deletion requests, backups, and provider-side records.


Data Retention Policy

This Data Retention Policy describes how Upcube approaches retention and deletion for Ethen. Retention is described by category because exact periods depend on account configuration, product settings, legal obligations, and provider behavior.

1. Scope

This policy covers account records, workspace content, prompts and outputs, files, workflow and evidence records, logs, billing records, security records, backups, and related operational data processed in connection with Ethen. It also explains boundaries for provider-side retention and local runtime retention where those paths exist. It does not control retention practices of third-party sites you visit outside Ethen. Enterprise agreements may define different schedules for specific customers. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Covers major Ethen data categories.
  • Provider and local paths are called out separately.
  • Enterprise contracts may customize schedules.

2. Account records

Account records such as identity, authentication metadata, organization membership, and role assignments are retained while an account is active and for a period after closure as needed for security, fraud prevention, support, and legal compliance. Account contact history and support tickets may be retained to maintain continuity and investigate abuse. When an organization offboards users, admins should also remove local access and rotate shared secrets. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Active accounts retain identity and membership data.
  • Post-closure retention may apply for security and legal needs.
  • Admin offboarding remains important.

3. Workspace records

Workspace configuration, membership, project structure, and settings are retained while the workspace exists and may persist for a limited period after deletion for recovery, audit, or dispute purposes where supported. Shared workspace history can include contributions from multiple users. Deletion of one user account may not remove all content they created if the organization still needs it. Admins should export important records before destructive workspace operations when export tools are available. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Workspace config persists for product operation.
  • Multi-user content may outlive one account.
  • Export before destructive admin actions.

4. Prompts and outputs

Prompts and outputs may be retained as part of sessions, threads, runs, or history features to provide continuity and review. Retention duration may depend on product settings, plan capabilities, and whether a run is linked to evidence or approvals. Users should avoid placing unnecessary secrets in prompts. Organizations can reduce risk with internal retention hygiene and available product controls. Deleted conversations may remain in backups for a time. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • History features retain prompts/outputs for continuity.
  • Settings can affect retention.
  • Backups may lag user deletions.

5. Uploaded files

Uploaded files may be stored for as long as needed to provide the feature that required them, including re-open, re-process, or evidence use cases. Temporary processing copies may also exist. When a file is deleted in product UI, underlying object storage and caches may take additional time to purge. Provider-side copies may exist if the file was transmitted to a model or tool provider. File retention should be considered in data classification decisions before upload. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Files persist to support product features.
  • Deletion can be asynchronous across layers.
  • Provider copies may exist after routing.

6. Workflow, approval, and evidence records

Approval decisions, receipts, tool traces, and evidence packages may be retained longer than ordinary chat history because they support accountability, security review, and operational debugging. Organizations should decide which evidence must be kept for internal policy and which can be purged. Ethen provides product records; it does not automatically create a certified compliance archive. Legal holds or investigations may require preserving relevant evidence. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Evidence often outlives casual chat history.
  • Not a certified compliance archive by default.
  • Legal holds can extend preservation.

7. Logs and diagnostics

Application logs, error reports, performance diagnostics, and similar telemetry may be retained for reliability, security, and product improvement. Logs should be access-controlled and minimized where practical. Logs may incidentally include identifiers, route metadata, or error payloads. Customers should avoid placing secrets in fields likely to be logged. Retention windows for logs are operational and may change with infrastructure needs. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Logs support reliability and security.
  • Minimize secrets in log-prone fields.
  • Log windows are operational.

8. Billing records

Where billing is configured, invoices, payment metadata, usage aggregates, and tax-related records may be retained for statutory accounting, tax, and dispute periods required by law or payment processors. BYOK provider bills are retained by providers under their systems. Ethen may keep usage estimates or route attribution for product display and support. Billing retention often exceeds ordinary workspace history retention. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Commercial records may have statutory retention.
  • Provider bills are separate under BYOK.
  • Usage estimates may be stored for support.

9. Security records

Security logs, abuse investigations, access records, and incident-related data may be retained as needed to detect fraud, secure the service, and meet legal obligations. These records may be preserved even when related content is deleted from primary product views. Retention length depends on risk, investigation status, and law. Upcube does not publish false fixed periods that are not operationally grounded. Customers should report security issues promptly to help limit retention needed for investigation. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Security records can outlive primary content.
  • Periods depend on risk and law.
  • Prompt reporting helps containment.

10. Backups

Backups protect against data loss and may contain copies of account, workspace, and operational data. Backup cycles mean deletion from primary systems is not always instantaneous across all copies. Backups are access-restricted and are not an alternate product API for browsing history. Restores are exceptional operational events. Backup expiry follows infrastructure schedules. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Backups create delayed purge semantics.
  • Backups are not user-facing history browsers.
  • Expiry follows infrastructure schedules.

11. Deletion requests

Users and organizations may request deletion through available account tools or support channels. Upcube may verify identity and authority before acting, especially for organization-owned workspaces. Some data cannot be fully deleted immediately or at all where law requires retention, where data is needed for security and fraud prevention, or where it resides with providers outside Upcube control. Enterprise admins may own deletion for member-generated workspace content. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Verification may be required.
  • Some retention exceptions apply.
  • Org admins may control workspace deletion.

12. Provider-side retention

When content is sent to model or tool providers—including under BYOK—those providers may retain data according to their terms, abuse systems, and settings. Upcube cannot unilaterally erase provider-side records. Customers should configure provider retention controls where offered and evaluate providers for sensitive workloads. See BYOK Data Handling for related boundaries. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Providers may retain routed content.
  • Customer provider settings matter.
  • Upcube cannot always erase provider copies.

13. Local runtime retention

Local or private runtimes may store models, caches, logs, or artifacts on customer-controlled machines. That retention is primarily controlled by the customer’s environment and operational practices. Ethen product metadata may still exist remotely even when model execution is local. Map both sides before assuming a fully local retention posture. Customers should wipe local caches according to their own secure-deletion standards. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Local retention is mostly customer-controlled.
  • Remote metadata may still exist.
  • Apply local secure-deletion practices.

14. Enterprise retention and exceptions

Enterprise customers may negotiate retention schedules, export assistance, or region-specific handling in written agreements. Public pages do not override those contracts. Legal, tax, accounting, security, and dispute exceptions can extend retention beyond ordinary product defaults. Upcube will limit use of retained data to the purposes that justify keeping it. For retention questions, contact published support or enterprise channels. Customers evaluating regulated workloads should confirm whether category-level retention is sufficient for their program. If fixed schedules are mandatory, obtain written confirmation and validate product support before relying on a specific number of days.

  • Contracts may customize retention.
  • Legal and security exceptions exist.
  • Purpose limitation still applies to retained data.

How to use this page

Use this page to understand retention categories and operational expectations. It does not invent exact day counts that are not product-verified. Enterprise customers may negotiate specific retention schedules in written agreements.

  • Category-based: Different data types follow different needs.
  • Configuration-dependent: Settings and features change retention.
  • Provider-dependent: BYOK and model providers may retain data separately.
  • Legal holds: Security and legal needs can extend retention.

Policy status

This retention policy uses category-based descriptions rather than unsupported exact-day guarantees.

  • No false precision: Exact periods depend on configuration and law.
  • Provider boundaries: Provider-side retention is acknowledged.
  • Deletion realism: Backups and exceptions are disclosed.
  • Enterprise overlays: Contracts may add schedules.

Not legal advice

These pages explain product and policy posture for Upcube / Ethen. They are not legal advice and do not replace counsel for your jurisdiction, industry, or use case.

Evidence and claim boundaries

This statement describes Ethen’s current posture without making unsupported certification or compliance claims. Configuration, provider selection, and enterprise agreements can change data paths and controls.

  • No certification claim: No SOC 2, ISO 27001, HIPAA, or PCI certification is claimed here.
  • Provider-dependent behavior: Providers may apply their own terms, logs, and retention.
  • Shared responsibility: Customers control keys, members, and integrations they enable.
  • Human responsibility: Users remain responsible for prompts, outputs, and approvals.

Related policies

Retention connects to privacy, security, BYOK, and terms.

Related policies

Frequently asked questions

Why don’t you list exact day counts for every category?

Because exact periods depend on product settings, legal obligations, backups, and provider behavior. Category-based description is more accurate than invented precision.

If I delete a chat, is it gone everywhere?

Primary product views may remove it, but backups, security logs, or provider systems may retain copies for a period.

Does BYOK change Ethen retention?

BYOK affects provider-side paths and bills. Ethen workspace records may still be retained under this policy.

Can enterprise customers set custom retention?

Written enterprise agreements may define custom schedules where supported.


Data Retention · Ethen by Upcube