AeroNyx Data Retention Policy
Explains retention for AeroNyx-operated account, support, diagnostics, node, Nodeboard, legal, payment, backup, encrypted data, and aggregate protocol records.
AeroNyx Data Retention Policy
Effective date: July 6, 2026
AeroNyx is designed to minimize the data required to operate an open privacy protocol. This Data Retention Policy explains how long AeroNyx-operated services generally retain common categories of records.
This policy applies to AeroNyx-operated services, including official websites, apps, APIs, Nodeboard, documentation, support channels, discovery services, bootstrap lists, public statistics, and related hosted services operated by AeroNyx. It does not control independent protocol nodes, third-party model providers, RPC providers, payment processors, app stores, hosting providers, or other third-party services.
1. Retention Principles
AeroNyx follows these retention principles:
- collect only what is reasonably needed to operate, secure, debug, support, and improve AeroNyx-operated services
- keep records only as long as reasonably necessary for the purpose collected
- minimize content, prefer aggregate metrics, and avoid collecting plaintext where encrypted protocol design does not require it
- protect records using technical, organizational, and administrative safeguards
- delete, aggregate, anonymize, or de-identify records when they are no longer reasonably needed
- preserve records when required by law, security, abuse handling, dispute resolution, or valid legal process
2. No-Decrypt Boundary
For end-to-end encrypted, node-blind, or user-key-protected features, AeroNyx-operated services are designed not to possess the plaintext or user-held decryption material.
Retention periods do not change that boundary. AeroNyx cannot retain, produce, or delete plaintext content it never received and cannot decrypt.
3. Retention Schedule
The following schedule describes typical retention targets for AeroNyx-operated services. Actual retention may be shorter or longer where required by law, security, abuse prevention, backups, operational continuity, user settings, or technical constraints.
| Record category | Examples | Typical retention target |
|---|---|---|
| Account and profile records | email, public identifiers, user-provided profile data | while the account is active, then up to 24 months after deletion request or inactivity unless needed longer |
| Support and direct communications | support emails, bug reports, legal notices, user-submitted screenshots or logs | up to 36 months after resolution unless needed for legal, security, or dispute reasons |
| App diagnostics and crash logs | app version, OS, crash reports, performance diagnostics | up to 12 months |
| Security and abuse signals | login risk, abuse reports, rate-limit events, suspicious activity, blocked actions | up to 24 months, or longer for serious abuse/security cases |
| Privacy Network operational records | session timing, encrypted byte counters, service health, routing status used by AeroNyx-operated services | usually 30 to 180 days unless aggregated, needed for security, or required by law |
| Aggregate protocol statistics | encrypted traffic totals, packet counts, relay counts, node health summaries, uptime summaries | may be retained indefinitely in aggregate form |
| Node operator records | node registration, public endpoint, region, capabilities, administrative contacts | while the node is active, then up to 24 months after deactivation unless needed longer |
| Nodeboard audit records | command audit logs, restart/upgrade/maintenance events, incident closure records | up to 36 months |
| Legal request records | subpoenas, warrants, preservation requests, emergency requests, correspondence, response logs | up to 7 years or longer if legally required |
| Payment and subscription records | invoices, transaction identifiers, subscription state, tax records | as required for tax, accounting, payment dispute, and compliance obligations, typically up to 7 years |
| Public content | docs comments if enabled, public community submissions, public posts | while public or as needed for moderation, legal, or archival purposes |
| Backups | encrypted service backups and disaster recovery copies | generally rotate within 90 days, unless legal hold or incident recovery requires longer |
4. Encrypted User-Controlled Data
Some AeroNyx features may allow users to store encrypted, user-controlled data such as encrypted messages, encrypted attachments, MemChain objects, or encrypted backups.
Retention for user-controlled encrypted data may depend on user settings, product configuration, local device storage, TTLs, sync status, or deletion requests. If AeroNyx-operated services do not have the keys, AeroNyx cannot read the data and may not be able to selectively identify plaintext contents inside encrypted objects.
Users are responsible for their own backups, keys, recovery phrases, and user-held decryption material.
5. Node Operator and Open Protocol Records
AeroNyx is an open protocol. Independent people and organizations may run compatible nodes. This policy covers records held by AeroNyx-operated services, not all records that may be held by independent node operators.
Independent node operators may have their own logging, retention, security, hosting, and legal obligations. Operators should minimize logs, avoid inspecting user content, and follow the AeroNyx Node Operator Policy: https://docs.aeronyx.network/articles/aeronyx-node-operator-policy.
6. Legal Holds and Preservation
AeroNyx may preserve records beyond normal retention periods when required for:
- valid legal process
- legal holds
- security investigations
- abuse investigations
- incident response
- fraud prevention
- dispute resolution
- compliance obligations
Preservation does not mean AeroNyx can decrypt encrypted content, recover user-held keys, or create records it does not already have.
7. Deletion Requests
Users may request deletion of certain personal information by contacting hi@aeronyx.network. We may need to verify the request before acting on it.
Some records may be retained despite a deletion request where needed for legal, security, abuse prevention, accounting, dispute resolution, or legitimate operational reasons. Aggregate, anonymized, or de-identified records may be retained where they no longer identify an individual user.
8. Backups and Delayed Deletion
Deleted records may remain in encrypted backups or disaster recovery systems for a limited period until backups rotate or are overwritten. During that period, backup records are not used for ordinary production purposes unless restored for disaster recovery, security, or legal reasons.
9. Changes
AeroNyx may update this policy as our products, protocol, legal obligations, and operational practices evolve.
10. Contact
For retention questions or deletion requests:
AeroNyx
Email: hi@aeronyx.network