Data Retention & Deletion Policy

1. Overview

Vibble retains personal data only for as long as required to deliver services, comply with law, protect user safety, mitigate platform abuse, resolve disputes, and maintain operational integrity. Data that is no longer required is securely deleted or anonymized.

2. Categories of Data We Retain

• Account Data: username, email, age, device identifiers
• Content Data: posts, replies, media, messages
• Technical Logs: IP logs, timestamps, security events
• Behavioral Signals: likes, reposts, follows, muting/blocking activity
• Financial Data: purchases, payouts, subscription records
• Safety & Enforcement Records: reports, appeals, strikes, moderation logs

3. Standard Retention Timelines

• Account data: retained until account deletion
• User-generated content: retained while account is active
• Deleted posts/media: purged within 30–90 days
• Direct messages: retained until both parties delete
• Security logs: 12–36 months
• IP logs & device identifiers: 6–24 months
• Financial records: 3–7 years (tax law)
• Law enforcement holds: retained until legal order expires

4. Extended Retention Conditions

• Fraud, ban evasion, or repeated abuse investigations
• Legal claims, disputes, or regulatory inquiries
• Active appeals or safety escalations
• Compliance with law enforcement preservation requests

5. Deletion Process

When a user deletes their account, the deletion enters a 30–60 day reversible grace period. After this period, all personal data is scheduled for permanent deletion, unless retention is required by law or safety obligations.

6. User Rights

• Right to Access
• Right to Correction
• Right to Deletion
• Right to Restrict Processing
• Right to Portability
• Right to Withdraw Consent

7. Contact

Privacy Office: privacy@vibble.to
DPO: dpo@nexa-group.org