5,000 Varos
Retention & Deletion Policy
Standard Statement
Varoriya AI adopts practices aligned with the principles of ISO/IEC 27001 and GDPR
(Data Minimization and Storage Limitation) as part of our preparation for formal certification.
Effective Date: By 2026
Scope
This policy applies to images, videos, audio files, prompts, metadata, and outputs generated via varoriya.com
through both the Web interface and API, including storage in V-Drive
(marking a file as Favorite is equivalent to saving it in V-Drive).
Definitions
- Web (standard): Creating/downloading files via the website without marking them as Favorite
- API: Use through API or automated programmatic access
- V-Drive / Favorite: User storage space within the Varoriya system (Favorite = saved to V-Drive)
Retention Schedule
| Usage Type | Retention Period | Details |
|---|---|---|
| API (default) | Automatically deleted within 1 hour | Temporarily stored for processing and download only. To retain permanently, the user/application must save to V-Drive |
| Web (standard) | Automatically deleted within 7 days | If not saved as Favorite, files are deleted after 7 days to comply with GDPR (Storage Limitation) |
| V-Drive / Favorite | Until deleted by the user | Subject to quota limits. Users may delete files to free space or purchase additional storage. New saves may fail if storage is full until space is available |
Important: User-initiated deletion is considered a permanent removal from the primary storage system.
Backups and Deletion Propagation
- Backups (if any) may be retained for up to 30 days for business continuity and disaster recovery purposes.
- When a deletion request is made, the data is removed from primary storage immediately and from backup sets in the next overwrite cycle, within 30 days (e.g., crypto-shredding/overwrite as appropriate).
Legal Basis and Purpose of Processing (GDPR)
- Legal bases: Contract performance Art. 6(1)(b) (providing the service), Legitimate interests Art. 6(1)(f) (security/service improvement), and Consent Art. 6(1)(a) (non-essential communications).
- Data Minimization & Storage Limitation: Data is kept only as necessary and no longer than required, per the schedule above.
User Rights
Users may:
- Access, download, or export their files
- Delete files (including those in V-Drive/Favorite) at any time (Right to Erasure – Art. 17)
- Request a portable copy of their data (Data Portability – Art. 20)
- We will respond to verified requests within a reasonable timeframe (generally within 30 days)
Data Security
- Data is encrypted in transit via TLS and encrypted at rest following industry standards
- Access control is enforced through Role-Based Access Control (RBAC) under the need-to-know principle
- Event logs are kept regarding file creation, access, and deletion for security and audit purposes (logs retained for up to 90 days)
- Regular security testing and assessments are conducted, with continuous improvement following ISO/IEC 27001 (Plan-Do-Check-Act)
Sub-processors
We may use external cloud or processing providers to run models or store files, under contractual obligations to follow equivalent security and deletion policies.
Users may request an updated list of sub-processors by contacting us.
Policy Changes
This policy may be updated to reflect changes in services or legal requirements.
We will indicate the effective date and notify users in case of significant changes.
Contact
For data subject rights requests or privacy-related inquiries: info@varoriya.com
(or via the support channels listed on the website)