Docs
Hilal Software
Guide
Product Research
Privacy & data
Retention & policies

Retention and policies

This page is the reference for retention windows and the policies that apply.

Retention summary

DataActive retentionAfter soft-deleteHard-delete
Search snapshotsLifetime of account~30 daysYes, on cascade-delete
WatchlistLifetime of account~30 daysYes, on cascade-delete
Chat sessions (metadata)Lifetime of account~30 daysYes, on cascade-delete
Chat message bodiesLifetime of account~30 daysYes, on cascade-delete
Export files1 hourN/A — files purged immediatelyN/A
Export records (metadata)Lifetime of account~30 daysYes, on cascade-delete
AI briefs (shared cache)48 hoursN/A — not user-personalN/A
Credit ledger7 years (regulatory)N/A — retained for auditNo

What “active retention” means

Active retention = how long Hilal keeps the data accessible to you. Lifetime-of-account means as long as your account exists, the data is in your view (unless you delete it).

When you cancel your subscription, your data is retained for 30 days in case you reactivate. After 30 days of cancellation, all research data is purged.

Backup retention

Hilal takes encrypted database backups for disaster recovery. Backup retention:

  • Daily backups: kept 7 days.
  • Weekly backups: kept 4 weeks.
  • Monthly backups: kept 12 months.

Deleted data may persist in backups for these windows; it’s not accessible to anyone (encrypted at rest, only used for restore in a disaster). Hilal does not restore from backup to recover individual deletions — once you delete, the data is gone from your account.

Geographic data residency

Hilal Software’s primary infrastructure runs in EU and US regions. Data residency for research data follows your organization’s setting:

  • Default: EU primary, US secondary (replicated for redundancy).
  • EU-only: available on request (Enterprise tier).
  • US-only: available on request (Enterprise tier).

If your organization is on the EU-only or US-only setting, only that region’s infrastructure handles your data — including AI briefs (which use Anthropic’s API in the matching region).

Which Hilal policies apply

PolicyWhere
Privacy policyhilalsoftware.tools/privacy — covers data collection, processing, third parties, GDPR, CCPA.
Terms of servicehilalsoftware.tools/terms — usage rules, IP, dispute resolution.
DPA (Data Processing Agreement)Available on request for Enterprise customers.
Sub-processor listhilalsoftware.tools/subprocessors — Anthropic, AWS, etc.

GDPR rights specifically

If you’re an EU resident or your organization is EU-domiciled:

  • Right of access — your stored data is exportable on request.
  • Right of erasure — the cascade-delete flow on this page covers this.
  • Right of rectification — edit your watchlist notes / search params; cascade-delete and re-create if you need to change something we’ve stored.
  • Right of portability — export your data via the exports feature (PDF / CSV) plus a special account-level export available on request.
  • Right to object — opt out of analytics-grade processing via Settings → Privacy → “Don’t use my data for product improvement.”

CCPA rights

If you’re a California resident:

  • Right to know — what we’ve collected. Reflected on What we collect.
  • Right to delete — the cascade-delete flow.
  • Right to opt out of sale — Hilal does not sell your data.
  • Right to non-discrimination — exercising any of the above doesn’t change your service quality.

Sub-processors that touch research data

The third parties Hilal uses for Product Research:

ProviderWhat they processWhere
AnthropicAI brief and reasoning generation; intent extractionUS (default) / EU (on request)
AWS / GCPHosting (Postgres, MongoDB, Redis, app servers)EU primary, US secondary
CloudinaryProduct image hostingMulti-region CDN
OpenExchangeRatesCurrency conversion dataUS
Google Trends (pytrends)Demand and trend dataPublic API, no per-user data sent

Reporting privacy issues

Related articles

What we collect Deleting your data
Deleting your data