Data Retention & Deletion Policy

Last Updated: January 12, 2026

This Data Retention & Deletion Policy ("Policy") describes how Hexel Studio, Inc. ("Hexel," "we," "us") retains, manages, and deletes data processed in connection with the Hexel Studio platform and Services.

This Policy is incorporated by reference into the Privacy Policy, Data Processing Addendum (DPA), and Terms and Conditions.

1. Purpose of This Policy

Hexel Studio is designed as an enterprise Agent Cloud platform with strong requirements for auditability, traceability, and governance.

Accordingly:

  • Certain data must be retained to support security, compliance, and forensic analysis
  • Other data is retained only as long as necessary to provide the Services

This Policy explains what data is retained, why it is retained, and how deletion occurs.

2. Data Categories

Hexel processes and retains data in the following categories:

2.1 Account and Configuration Data

Includes:

  • Organization and workspace metadata
  • Environment configurations
  • Agent definitions and policies
  • Access control and role assignments

2.2 Customer Content and Operational Data

Includes:

  • Data ingested from customer-configured data sources
  • Knowledge store content
  • Agent inputs and outputs
  • Execution state and checkpoints

2.3 Logs and Audit Data

Includes:

  • Authentication and access logs
  • Agent execution traces
  • Action requests and approvals
  • Error and system logs

2.4 Billing and Usage Data

Includes:

  • Metered usage records
  • Invoices and payment records
  • Subscription and plan metadata

3. Retention Principles

Hexel applies the following retention principles:

  • Data is retained only for as long as necessary to provide the Services and meet legal obligations
  • Audit and security data may be retained longer than operational data
  • Retention may vary by data type, environment, and customer configuration
  • Customers control retention settings where supported

4. Standard Retention Periods

Unless otherwise agreed in writing or configured by the customer:

4.1 Account and Configuration Data

Retained for the duration of the customer relationship and a reasonable period thereafter for legal and operational purposes.

4.2 Customer Content and Agent Data

Retained in accordance with customer configuration and usage. Deleted or anonymized upon termination, subject to Section 6.

4.3 Logs and Audit Records

Retained for a minimum period necessary to:

  • Support security investigations
  • Meet compliance obligations
  • Provide forensic traceability

Such logs may be retained beyond account termination where required by law.

4.4 Billing and Financial Records

Retained as required by applicable accounting and tax laws.

5. Customer-Controlled Retention

Where supported by the platform:

  • Customers may configure retention periods for certain data types
  • Customers may delete data manually through the Services
  • Customers are responsible for ensuring retention settings comply with applicable law

Hexel does not validate customer retention configurations for legal compliance.

6. Data Deletion

6.1 Deletion During Active Use

Customers may delete or overwrite data through platform functionality where supported. Deleted data may persist temporarily in backups or logs.

6.2 Deletion Upon Termination

Upon termination of Services:

  • Customer Content and operational data are deleted or returned in accordance with contractual terms
  • Data required for legal, regulatory, or security purposes may be retained
  • Backup copies are deleted according to standard backup cycles

6.3 Legal Holds

Hexel may retain data subject to:

  • Legal obligations
  • Government requests
  • Litigation or investigations

Such data will be deleted once the hold is lifted.

7. Deletion Methodology

Deletion may include:

  • Logical deletion
  • Secure overwriting
  • Cryptographic erasure
  • Aggregation or anonymization

The method used depends on data type and storage system.

8. Customer Responsibilities

Customers are responsible for:

  • Exporting data prior to termination
  • Configuring retention appropriately
  • Complying with applicable data protection laws
  • Informing end users of retention practices

9. Limitations

Due to the nature of distributed systems:

  • Immediate deletion from all systems may not be feasible
  • Residual data may persist temporarily in logs or backups

Hexel does not guarantee instantaneous deletion

10. Policy Updates

Hexel may update this Policy from time to time. Continued use of the Services constitutes acceptance of the updated Policy.

11. Contact Information

Questions regarding this Policy may be directed to:

Hexel Studio, Inc.

support@hexelstudio.com

https://hexelstudio.com