Effective date: 2026-04-30
Version: 1.0.0
This Policy supplements our Privacy Policy. We retain personal data for the longest of: (a) period required by law, (b) period necessary to defend against claims, and (c) period required to operate, secure, and improve the Service.
| Category | Retention | Trigger |
| Account & profile | Life of account + 6 years | Account closure |
|---|---|---|
| Stripe payment metadata | 7 years | Charge date |
| AI prompts (live processing) | 30 days for safety review, then deleted | Submission |
| AI outputs you saved | Life of account + 30 days | Account closure |
| Source assets you uploaded (videos, images, audio) | Life of account + 30 days | Account closure |
| OAuth tokens (Google / TikTok / Meta) | 24 hours after disconnection | Disconnect |
| Authentication & session logs | 24 months | Event date |
| Server / access logs (raw) | 90 days | Event date |
| Server / access logs (aggregated) | Indefinite (anonymized) | n/a |
| Marketing-list data | Until unsubscribe + 12 months | Unsubscribe |
| Cookie consent records | 24 months | Consent date |
| Backups | 35 days rolling | Backup date |
| DMCA takedown notices and counter-notices | Indefinite (legal hold / repeat-infringer policy) | Receipt |
| Repeat-infringer audit log | Indefinite | Strike issued |
| Suspended-account / banned-account records | Indefinite | Suspension |
| De-identified aggregate analytics | Indefinite | n/a (not personal data) |
Legal hold
Records relevant to actual or anticipated legal proceedings, government investigations, regulatory inquiries, audits, DMCA actions, or platform-policy disputes are preserved beyond standard retention regardless of any deletion request, until all matters are resolved.
End-of-retention process
- Production deletion within 35 days of next backup cycle
- Where deletion is not feasible, anonymization
- Hard copies shredded; digital copies wiped
Your right to early deletion
Email [email protected] with subject DSR Request — Deletion. We honor requests except for data subject to legal retention, active engagements, defense of claims, repeat-infringer / suspension audit logs, or de-identified data. Response within 30 days (GDPR) / 45 days (CCPA).
Backups
Encrypted backups retain residual copies for up to 35 days post-deletion; not actively accessed; overwritten on next rotation.
Legal Entity
Contentko is a service operated by:
BCAX LLC
30 N Gould St Ste R
Sheridan, WY 82801
United States of America
Employer Identification Number (EIN): 42-2153191
State of formation: Wyoming, USA
This entity is the data controller and contracting party for all users of contentko.com.
Governing Law & Jurisdiction
These terms are governed by the laws of the State of Wyoming, United States, without regard to its conflict-of-laws principles. The exclusive forum for any dispute shall be the state and federal courts located in Sheridan County, Wyoming, except where applicable consumer-protection law of your country of residence grants you a non-waivable right to a local forum.
Contact
Legal & data-protection inquiries: [email protected]
For data-subject-rights requests (access, deletion, portability, objection), use the same email with subject line DSR Request. We respond within 30 days as required under GDPR Article 12 and within 45 days under California CCPA §1798.130.