Legal
Data Deletion Instructions
Last Updated: April 28, 2026
Whitmore AI, Inc (“Company,” “we,” “us”) gives you the right to request deletion of your personal data at any time. This page explains exactly what data we delete, how to submit a request, how long it takes, and what we're legally required to retain. For the broader policy governing how we handle your information, see our Privacy Policy.
1. How to Request Deletion
There are two ways to request deletion of your data:
- In-product (recommended). If you have a Whitmore account, sign in and go to Account Settings → Delete Account. This initiates deletion of your account and the personal data associated with it.
- By email. Send a message to privacy@heywhitmore.ai with the subject line “Data Deletion Request”. Include the email address associated with your account (or, if you contacted us through Facebook or Instagram, the page/handle you contacted us from) so we can locate your records. We may ask you to verify your identity before we process the request.
If you reached us through a Whitmore-operated Facebook or Instagram presence and would like the messages you exchanged with us removed from our systems, the same email request works — tell us the platform and the page/handle you messaged.
2. What Gets Deleted
When we process a deletion request we remove:
- Account profile data — email address, business name, business website, contact information, and any preferences or settings you configured
- Authentication data — passwords, session tokens, and any third-party identity-provider linkages
- Connected-integration data — access tokens, scopes, and metadata for any third-party services (Google Calendar, Google Analytics, Meta / Facebook / Instagram, Composio integrations, Canva, Notion, etc.) you connected to your Whitmore account, plus the data those services returned and we cached on your behalf
- Messages, transcripts, and recordings — SMS messages, voice-call transcripts, voice audio recordings, web-chat conversations, and Facebook/Instagram messages tied to your account
- AI processing artifacts — prompts, retrieved business context, tool-call parameters, and AI-generated responses produced when the AI handled communications on your behalf
- Tasks, contacts, and conversation history stored on your behalf in the Service
- Demo-request and lead-form submissions if you submitted those without creating an account
3. Timeline (90-Day SLA)
We will complete deletion within 90 days of receiving a verified deletion request, subject to the legal-retention exceptions described in Section 4 below. In practice most deletions complete sooner. The timeline breaks down as:
- Live database removal: within 7 days of a verified request, your records are removed from our active production systems and are no longer accessible via the Service or support tools.
- Backup roll-off: our encrypted database backups are retained on a rolling 30–90 day window depending on the backup tier. Deleted records persist in those backups until they age out, after which the backup snapshots no longer contain your data. We do not restore deleted records from backup except where required by law (e.g., a court order).
- Log/audit roll-off: system and audit logs that may incidentally reference your identifiers age out within 90 days as part of standard log rotation.
Once the full 90-day window has elapsed, your personal data has been removed from active systems and aged out of backups, except as noted in Section 4.
4. What We're Legally Required to Retain
Some records are retained beyond account closure where retention is required by law or necessary to defend against legal claims:
- Financial records — invoices, payment records, and tax-relevant documentation, retained for the period required by U.S. tax and accounting law (typically 7 years)
- Dispute and legal-hold records — if your account is subject to an active dispute, investigation, subpoena, or legal hold, the relevant records are preserved until that matter is resolved
- Fraud / abuse signals — minimal identifiers necessary to prevent re-creation of an account that was closed for terms-of-service violations
- Aggregated and de-identified data — data that has been aggregated or de-identified such that it cannot be linked back to you may be retained beyond account closure for product analytics and improvement
These retained records are stored in restricted-access systems and are used only for the specific purpose that justifies their retention.
5. Third-Party Cascades
When you use Whitmore we route certain data through service providers (e.g., Vercel for hosting, Supabase for the database, Cloudflare for edge protection, Twilio for SMS/voice, Anthropic for AI inference, ElevenLabs for voice synthesis). When we delete your account we also:
- Disconnect any third-party integrations you authorized so we no longer have tokens to access those services on your behalf
- Remove your records from the data stores we control at those subprocessors
- Rely on each subprocessor's own retention policy for any incidental processing logs they hold (their policies are summarized on the Security page and in our Privacy Policy)
If you also want your data removed from a third-party service you connected (for example, a Google account or a Meta page), you must contact that service directly — we cannot delete records held in your own third-party accounts.
6. Confirmation
Once your deletion request is complete we will email you confirmation at the address on file. If you do not receive confirmation within 90 days of submitting your request, please email privacy@heywhitmore.ai and we will follow up.
7. Contact
For all data-deletion requests, questions about this page, or to escalate a request that has not been resolved:
- Email: privacy@heywhitmore.ai (subject: “Data Deletion Request”)
- Mail: Whitmore AI, Inc — 1789 Birdhaven Ln, Wendell, North Carolina 27591