Data Deletion

Effective date: May 24, 2026

1. Overview

You have the right to delete data you have stored in pail at any time. This page describes the self-service and assisted paths available to you, the timelines we follow, and the small set of records we are required to retain for legal or accounting reasons. This policy supplements the rights described in our Privacy Policy.

2. Account self-service deletion

You may delete your pail account at any time from the account settings page. Account deletion initiates a 30-day retention window (matching clause 7 of our Terms of Service), during which we hold your account in a recoverable state in case the deletion was unintended. At the end of the 30-day window all artifacts, push subscriptions, API keys, and other personal data associated with the account are permanently deleted from our primary systems.

3. Artifact self-service deletion

Individual artifacts — shares, asks, reviews, statuses, traces, comparisons, clipboard entries, previews, and inbox notes — can be revoked at any time from the pail dashboard or via the API. Revoked artifacts stop serving immediately; the underlying blob is removed by the next sweeper run. You do not need to delete your account to remove specific artifacts.

4. Programmatic deletion

If you prefer to delete artifacts from an agent or script, every artifact type exposes a revoke endpoint over both REST and MCP. The most common entry points are:

  • revoke_share(share_id) — remove a share or preview.
  • preview_revoke(preview_id) — remove a hosted static-site preview.
  • inbox_archive(note_id) — remove an inbox note from active state.
  • DELETE /api/shares/{id} and sibling REST endpoints for the same actions over HTTP.

See the developer docs for the full list of revoke endpoints across each tool.

5. Hard-delete requests

If you need certified deletion before the 30-day account-retention window expires — for compliance, incident response, or any other reason — email privacy@thalos.ai from the email address on the account. Verified requests are completed within 5 business days, after which we return a written confirmation listing the systems from which your data was removed.

6. Retention exceptions

A small subset of records is retained beyond account deletion where retention is required by law or legitimate business need, as described in the Privacy Policy retention rules. These include:

  • Billing and tax records (retained as required by applicable accounting and tax laws).
  • Abuse and security audit logs (retained for up to 90 days to support investigations).
  • Records subject to an active legal hold (retained until the hold is released).

These records are stored separately from your active artifact data and are not used for any purpose other than the retention basis listed.

7. Third-party data

Payment processing is handled by Stripe, which retains billing records under its own retention rules. We cannot delete records held by Stripe directly, but when you delete your pail account we disassociate the Stripe customer record from your pail account so it no longer maps back to you within our systems. To request deletion of records held by Stripe itself, see Stripe's privacy policy.

8. Contact

Data deletion questions and certified-deletion requests: privacy@thalos.ai