← Back to Login

User Data Deletion Instructions — Kronos AI

Last Updated: May 22, 2026

Kronos AI ("Kronos," "we," "us") provides businesses with tools to manage and respond to messages across connected channels and to operate AI agents against connected applications. This page explains how authorized users, end customers, and upstream platforms (Meta, Shopify, others) can request deletion of personal data processed through Kronos, what we delete, on what timeline, and how our sub-processors are instructed.

1) Who Can Request Deletion

A) Authorized users (business accounts)

If you are an authorized user of a business using Kronos, you may request deletion of:

  • Your Kronos user profile data (account identifiers, settings, sessions).
  • Workspace data associated with your access, to the extent permitted by your organization.

Note: Your organization (the Kronos Customer) may control the workspace and connected channels. In some cases, we may require the request to be confirmed by the workspace owner/admin.

B) End users / data subjects (messaging contacts and store customers)

If you interacted with a business that uses Kronos (for example, you messaged the business on Instagram, Messenger, or WhatsApp, or you placed an order in a Shopify store the business operates), the business is typically the controller of your data. In most circumstances you should contact that business directly first.

If the business instructs Kronos to delete your data, or if your upstream platform sends a deletion request through its standardized webhook (see Section 7), Kronos will process the request according to the instructions and applicable law within 30 days.

2) What Data Can Be Deleted

Depending on the request and the Customer's configuration, deletion may include:

  • Kronos account profile information (name, email, authentication identifiers).
  • Workspace metadata (roles, permissions, audit logs tied to the user).
  • Connected channel and application identifiers stored in Kronos (page IDs, account IDs, store subdomains, connection metadata).
  • Conversation records stored in Kronos (message content, timestamps, metadata, labels, tags).
  • AI-generated outputs stored in Kronos that are linked to the conversation or workspace (summaries, classifications, suggested replies), if retained by the Customer's settings.
  • Tool-execution audit entries (metadata-only rows recording Composio-brokered calls — tool name, status, duration; never payloads).
  • Vault-stored access secrets used by integrations.
  • Technical logs and security records, where feasible.

Important: Some information may be retained for a limited period if required for security, fraud prevention, billing, tax, or legal obligations. Backups may persist for the duration of their normal rotation cycle and are then overwritten.

3) How to Submit a Deletion Request

Send an email to: [email protected]

Subject line: "Data Deletion Request"

Please include:

  • Your full name.
  • The email address associated with your Kronos account (if applicable).
  • The business / workspace name (if known).
  • The connected channel or application involved (Instagram, Messenger, WhatsApp, Telegram, Shopify, Gmail, voice, others) and your profile / handle / customer identifier in that platform.
  • A clear description of what you want deleted (account, workspace data, specific conversations, specific Shopify-customer-related references, or everything associated with you).

We may request additional information to verify your identity and to locate the data across the channels and integrations in scope.

4) Verification, Timeline, and Sub-Processor Cascade

For security reasons, we may need to verify that you are the account holder or an authorized representative. Once verified, we will:

  • Complete the deletion in Kronos' production systems.
  • Instruct the relevant sub-processors (for example, Composio for OAuth tokens and tool-execution data; Supabase for storage) to delete the corresponding records.
  • Allow normal backup rotation to overwrite remaining traces.
  • Send confirmation to the requester.

The end-to-end action is completed within 30 days of receipt of a valid request, subject to:

  • Technical feasibility (some records may not be deletable individually inside a packed backup; in that case the backup is overwritten on schedule).
  • Customer instructions (where the Customer is the controller).
  • Legal and compliance requirements (for example, anti-fraud or tax retention).

5) Deletion Through the Customer (Businesses Using Kronos)

If you are an end user who contacted a business using Kronos, or if you are a shopper whose order or customer record lives in a business's Shopify store that connects to Kronos, you can request deletion by contacting the business directly. The business can then:

  • Delete the conversation data and the underlying source records within its own systems (Shopify, Meta, etc.); and/or
  • Instruct Kronos to delete data stored in Kronos, where applicable.

6) What Happens After Deletion

Once your deletion request is completed:

  • Data is removed or anonymized from active production systems where reasonably feasible.
  • Certain backups may persist for a limited period and are overwritten according to our normal backup rotation; deleted records do not return to production from those backups.
  • Sub-processors are instructed to remove the corresponding records on their side; their independent retention rules may apply (see Section 9).
  • Some records may be retained where required by security, fraud prevention, billing, tax, or legal compliance obligations.

7) Platform-Mandated Deletion Webhooks

Upstream platforms operate standardized deletion-request flows for apps that store user data. Kronos honors the following:

A) Meta (Facebook / Instagram / WhatsApp) Data Deletion Callback

When Kronos is used with Meta products and a valid deletion request is received via Meta's user data deletion mechanism, Kronos will:

  • Confirm receipt of the request.
  • Perform deletion or anonymization of the corresponding data stored in Kronos.
  • Provide confirmation consistent with Meta's requirements.

B) Shopify Mandatory Compliance Webhooks

Kronos is registered with Shopify as a public-distribution app and subscribes to the three mandatory compliance webhooks Shopify defines for apps that touch customer data. Each endpoint validates the incoming X-Shopify-Hmac-Sha256 signature against the app's client secret, returns HTTP 401 if the signature is invalid, and returns a 200 series status on successful receipt. The substantive action is completed within 30 days.

  • customers/data_request — when an end customer of the merchant submits a personal-data access request through Shopify, Kronos receives the request payload (shop_id, shop_domain, customer identifier, optional list of order IDs, request id). Kronos locates the data it holds associated with that customer identifier across conversation transcripts, AI-agent audit entries, and any references in workspace metadata; the resulting data export is delivered to the merchant for them to forward to their end customer.
  • customers/redact — when an end customer requests deletion through Shopify, Kronos receives the payload (shop_id, shop_domain, customer identifier, optional list of order IDs to redact). Kronos scrubs the corresponding identifier from conversation messages and audit entries, redacts any quoted customer-attributable data where reasonably feasible without destroying the conversation history needed for legitimate business records, and instructs Composio to delete its own record of tool-call payloads associated with that customer.
  • shop/redact — 48 hours after the merchant uninstalls the Kronos app from their Shopify store, Shopify sends a payload containing shop_id and shop_domain. Kronos deletes the integration record, the linked conversations and messages, the tool-execution audit entries, and the workspace assets associated with that shop; revokes the Composio connection so the OAuth token is invalidated; and removes vault-stored references.

Endpoints (HMAC-verified, idempotent, 200/401 contract): /api/webhooks/shopify/customers-data-request, /api/webhooks/shopify/customers-redact, /api/webhooks/shopify/shop-redact.

C) Other connected applications

For connected applications that do not operate a standardized mandatory deletion webhook (for example, Gmail), deletion of upstream platform data is performed by the user inside that platform's own settings. Kronos honors the corresponding deletion of its own local references through Section 3.

8) ARCO Rights — Mexico (LFPDPPP)

Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), in force since March 21, 2025, recognizes four core data-subject rights known as ARCO:

  • Acceso — obtain a copy of the personal data Kronos processes about you.
  • Rectificación — correct inaccurate or incomplete personal data.
  • Cancelación — request that we cease processing and erase personal data subject to legal retention obligations.
  • Oposición — object to the processing of personal data on grounds relating to your particular situation.

To exercise an ARCO right, contact [email protected] with the information requested in Section 3. We respond within 20 business days of verifying the identity of the requester, extendable by an additional 20 business days where permitted by Article 32 of the LFPDPPP. Equivalent rights are honored for data subjects in the European Economic Area, the United Kingdom, California, and any other jurisdiction whose data-protection law applies.

9) Sub-Processor Retention — Independent Rules

Kronos instructs its sub-processors to delete corresponding records when a deletion is performed in Kronos. However, some sub-processors operate under their own retention rules for operational, security, or regulatory reasons:

  • Composio deletes the OAuth connection record when Kronos disconnects an integration; its execution audit retention follows Composio's own policy. Kronos' local audit table is bounded to 30 days and is fully purged on account cancellation.
  • Twilio may retain voice-call records on its own infrastructure for up to 3 years independently of Kronos' retention. End-of-life deletion of Twilio-side records must be requested by you directly to Twilio.
  • Meta, Telegram, Google, Groq, OpenRouter, and other sub-processors apply their own retention policies as published.
  • Supabase (database, storage, vault) processes deletion through normal SQL operations and backup rotation. Encrypted backups overwrite on schedule.

Where applicable, Section 6 of the Privacy Policy lists each sub-processor with their own privacy policy link.

10) Account Cancellation — Automatic Purge

When a Customer cancels its plan, Kronos automatically executes a server-side purge that removes the following categories of operational data without further user action:

  • AI agent configurations, knowledge bases, agent files, agent permissions.
  • Integration records, vault-stored access secrets, and all linked conversations and messages.
  • Tool-execution audit entries (Composio activity log).
  • Contacts, CRM notes, alerts, workflow executions, push subscriptions, notifications.
  • Voice conversation transcripts and summaries.
  • Workspace teams and team memberships.

Items intentionally retained beyond cancellation as billing or compliance history (and not user-operational data) include billing usage, AI-cost metrics, MercadoPago subscription records, regulatory bundle records for voice provisioning, and security audit trails. These records do not contain message content or end-customer personal data.

Detailed table of categories and retention rules is available in Section 7 of the Privacy Policy.

11) Contact

Kronos AI — Privacy

Privacy / Data Protection Officer: [email protected]

Legal: [email protected]

Security incidents: [email protected]

Support: [email protected]

Voice Channel Data

For tenants who activated the agentic-calls voice channel, the deletion flow has two separate retention tracks:

  • KYC documents (RFC, INE, proof of address) uploaded during number provisioning are deleted automatically 30 days after the Twilio regulatory decision, independent of your subscription state. A daily cron sweeps the private storage bucket and unsets the document references on the provisioning row. The provisioning row itself (bundle SID, status, decision date) stays as a billing-history artifact.
  • Call transcripts, summaries, and conversation rows are operational data — purged on plan cancellation via the same purge_user_operational_data function that handles your chat conversations. Voice rows cascade alongside chat rows; there is no voice-only retention to manage separately on cancel.
  • Billing usage (minutes consumed per billing period) is retained beyond cancellation as billing history, separately from the operational purge — same treatment as ai_usage_logs and other billing-side tables.
  • Twilio side: if you cancel, Kronos releases the provisioned phone number back to Twilio. Twilio's own retention of the call records on their side follows their policy and is outside our control. Per the terms you accepted when creating your Twilio account, Twilio may retain call data for up to a maximum of 3 years on their infrastructure, independent of Kronos. You may need to contact Twilio separately for end-of-life deletion of the records they hold.

Audio of calls is NEVER persisted by Kronos. Calls are transcribed in real time and only the text representation is stored — there is no audio recording to delete because there is none.

© 2026 Kronos AI. All rights reserved.

User Data Deletion | Kronos AI | Kronos AI