AeroNyx Data Retention Policy

AeroNyxJuly 6, 20265 min read6 views

Explains retention for AeroNyx-operated account, support, diagnostics, node, Nodeboard, legal, payment, backup, encrypted data, and aggregate protocol records.

AeroNyx Data Retention Policy

Effective date: July 6, 2026

AeroNyx is designed to minimize the data required to operate an open privacy protocol. This Data Retention Policy explains how long AeroNyx-operated services generally retain common categories of records.

This policy applies to AeroNyx-operated services, including official websites, apps, APIs, Nodeboard, documentation, support channels, discovery services, bootstrap lists, public statistics, and related hosted services operated by AeroNyx. It does not control independent protocol nodes, third-party model providers, RPC providers, payment processors, app stores, hosting providers, or other third-party services.

1. Retention Principles

AeroNyx follows these retention principles:

  • collect only what is reasonably needed to operate, secure, debug, support, and improve AeroNyx-operated services
  • keep records only as long as reasonably necessary for the purpose collected
  • minimize content, prefer aggregate metrics, and avoid collecting plaintext where encrypted protocol design does not require it
  • protect records using technical, organizational, and administrative safeguards
  • delete, aggregate, anonymize, or de-identify records when they are no longer reasonably needed
  • preserve records when required by law, security, abuse handling, dispute resolution, or valid legal process

2. No-Decrypt Boundary

For end-to-end encrypted, node-blind, or user-key-protected features, AeroNyx-operated services are designed not to possess the plaintext or user-held decryption material.

Retention periods do not change that boundary. AeroNyx cannot retain, produce, or delete plaintext content it never received and cannot decrypt.

3. Retention Schedule

The following schedule describes typical retention targets for AeroNyx-operated services. Actual retention may be shorter or longer where required by law, security, abuse prevention, backups, operational continuity, user settings, or technical constraints.

Record categoryExamplesTypical retention target
Account and profile recordsemail, public identifiers, user-provided profile datawhile the account is active, then up to 24 months after deletion request or inactivity unless needed longer
Support and direct communicationssupport emails, bug reports, legal notices, user-submitted screenshots or logsup to 36 months after resolution unless needed for legal, security, or dispute reasons
App diagnostics and crash logsapp version, OS, crash reports, performance diagnosticsup to 12 months
Security and abuse signalslogin risk, abuse reports, rate-limit events, suspicious activity, blocked actionsup to 24 months, or longer for serious abuse/security cases
Privacy Network operational recordssession timing, encrypted byte counters, service health, routing status used by AeroNyx-operated servicesusually 30 to 180 days unless aggregated, needed for security, or required by law
Aggregate protocol statisticsencrypted traffic totals, packet counts, relay counts, node health summaries, uptime summariesmay be retained indefinitely in aggregate form
Node operator recordsnode registration, public endpoint, region, capabilities, administrative contactswhile the node is active, then up to 24 months after deactivation unless needed longer
Nodeboard audit recordscommand audit logs, restart/upgrade/maintenance events, incident closure recordsup to 36 months
Legal request recordssubpoenas, warrants, preservation requests, emergency requests, correspondence, response logsup to 7 years or longer if legally required
Payment and subscription recordsinvoices, transaction identifiers, subscription state, tax recordsas required for tax, accounting, payment dispute, and compliance obligations, typically up to 7 years
Public contentdocs comments if enabled, public community submissions, public postswhile public or as needed for moderation, legal, or archival purposes
Backupsencrypted service backups and disaster recovery copiesgenerally rotate within 90 days, unless legal hold or incident recovery requires longer

4. Encrypted User-Controlled Data

Some AeroNyx features may allow users to store encrypted, user-controlled data such as encrypted messages, encrypted attachments, MemChain objects, or encrypted backups.

Retention for user-controlled encrypted data may depend on user settings, product configuration, local device storage, TTLs, sync status, or deletion requests. If AeroNyx-operated services do not have the keys, AeroNyx cannot read the data and may not be able to selectively identify plaintext contents inside encrypted objects.

Users are responsible for their own backups, keys, recovery phrases, and user-held decryption material.

5. Node Operator and Open Protocol Records

AeroNyx is an open protocol. Independent people and organizations may run compatible nodes. This policy covers records held by AeroNyx-operated services, not all records that may be held by independent node operators.

Independent node operators may have their own logging, retention, security, hosting, and legal obligations. Operators should minimize logs, avoid inspecting user content, and follow the AeroNyx Node Operator Policy: https://docs.aeronyx.network/articles/aeronyx-node-operator-policy.

AeroNyx may preserve records beyond normal retention periods when required for:

  • valid legal process
  • legal holds
  • security investigations
  • abuse investigations
  • incident response
  • fraud prevention
  • dispute resolution
  • compliance obligations

Preservation does not mean AeroNyx can decrypt encrypted content, recover user-held keys, or create records it does not already have.

7. Deletion Requests

Users may request deletion of certain personal information by contacting hi@aeronyx.network. We may need to verify the request before acting on it.

Some records may be retained despite a deletion request where needed for legal, security, abuse prevention, accounting, dispute resolution, or legitimate operational reasons. Aggregate, anonymized, or de-identified records may be retained where they no longer identify an individual user.

8. Backups and Delayed Deletion

Deleted records may remain in encrypted backups or disaster recovery systems for a limited period until backups rotate or are overwritten. During that period, backup records are not used for ordinary production purposes unless restored for disaster recovery, security, or legal reasons.

9. Changes

AeroNyx may update this policy as our products, protocol, legal obligations, and operational practices evolve.

10. Contact

For retention questions or deletion requests:

AeroNyx
Email: hi@aeronyx.network