01Retention principles
Renovo keeps information only while it supports an active feature, customer instruction, security need, transaction, legal obligation, dispute, or documented operational purpose. When that purpose ends, information is deleted, overwritten, returned, or de-identified through the applicable system cycle.
02Accounts and profiles
Profile, business, preference, device, and entitlement information is generally retained while the account is active. After verified account closure, it enters the deletion cycle except for limited transaction, consent, security, dispute, and legal records that must be retained.
03Clients, quotes, files, and signatures
Client records, quotes, attachments, logos, generated PDFs, decisions, and signatures are retained while the account or record remains active and according to account-owner deletion instructions. Users should export records needed for contracts, warranties, taxes, licensing, or project disputes before deleting them or closing the account.
04Private links and downloads
Private decision tokens and signed-document download access are designed to expire or become unusable after the applicable decision or short access window. Transaction evidence may remain with the underlying quote and final document even after the public token no longer works.
05Location and maps
Location used only to center a map or return a nearby result is transient apart from ordinary provider and security logs. An address or coordinate selected and saved into a client, quote, or project record is retained with that record.
06Devices and notifications
Device identifiers, push tokens, notification preferences, and delivery status are retained while needed for linked-device security and notification delivery. They are removed or invalidated after unlinking, account closure, provider expiration, or the relevant security and deletion cycle.
07Billing and legal records
Subscription, payment-status, refund, tax, consent, invoice-reference, and purchase-channel records may be retained for accounting, fraud prevention, charge disputes, audits, and statutory periods. Renovo does not store complete card numbers in its business databases.
08Analytics, logs, and support
Optional analytics, operational logs, error records, support communications, and security events are retained only as long as reasonably needed for product analysis, service reliability, abuse prevention, support, or a documented investigation, then deleted or de-identified. A legal claim or active security matter may extend retention.
09Backups
Backups use a rolling, access-restricted lifecycle and may retain deleted information until the relevant backup is overwritten or expires. Backup data is not returned to normal production use except for disaster recovery, integrity restoration, security, or legal necessity.
10Deletion requests
Verified deletion requests are applied to active systems and then propagate through dependent systems and backups. Renovo may retain a minimal record that a request was completed and may deny or limit deletion when law, security, another person's rights, contract performance, or legal claims require retention.
11Account closure and excess storage
Before closing an account or reducing storage, the owner should download required records and remove content above the next plan limit. After applicable notice or access periods, Renovo may delete content that is no longer covered by an active account or storage entitlement, subject to law and any written customer terms.
12Legal holds and de-identification
A legal hold suspends deletion only for information reasonably related to the matter. When identity is no longer needed, Renovo may aggregate or de-identify information so it cannot reasonably be linked to a person; properly de-identified information is not treated as personal data under this schedule.