cya. Back to home
Legal · Data deletion

Delete your data.

It's your data. You can take it back at any time. This page explains what we delete, how long it takes, and how to make it happen, in plain language and in line with GDPR Article 17, the CCPA right to deletion, and equivalent privacy laws.

Effective: 1 May 2026 Last updated: 7 May 2026 Response within 30 days

Who can request deletion

Any person whose personal data we hold can ask us to delete it. That includes:

  • Account holders. Anyone who has signed up for Cya, free or paid.
  • Captured contacts. If a Cya user saved your details (for example, after meeting you at an event), you can ask us to delete that record even if you have never used the app.
  • Authorized representatives. A parent, guardian, or legal agent acting on someone's behalf, with proof of authority.

What gets deleted

When we process a deletion request, we permanently remove the personal data tied to your identifier from our production systems, including:

  • account profile (name, email, phone, photo, password hash);
  • captured contacts you saved, with their names, roles, companies, emails, phones, photos, and notes;
  • voice recordings, transcripts, and OCR images you produced;
  • workspace memberships, role assignments, and admin settings;
  • device tokens, push subscriptions, and sync keys;
  • billing records that are no longer required for tax or accounting law;
  • analytics and product-usage events linked to your identifier.

What we may keep, and why

We may retain a limited subset of data after deletion when we have a legal obligation or a legitimate ground that overrides the deletion right. In each case the data is locked down, separated, and used only for the stated purpose:

  • Tax and financial records. Invoices and payment ledgers, kept for the period required by tax law (typically 7 years).
  • Security and fraud logs. Authentication and abuse logs, kept for up to 12 months in immutable storage.
  • Backups. Encrypted backups, overwritten on a rolling 35-day cycle. Your data is removed from a backup the next time that backup is rotated.
  • Aggregated analytics. Statistics that no longer identify you (for example, "X captures last month") are not deleted, because they are not personal data.

How to delete

For your security, deletion is always confirmed inside the Cya app. Tapping the button at the bottom of this page opens Cya straight to the confirmation screen.

STEP 1

Open the confirmation

Tap Delete my data in the app below, or open Cya manually and go to Settings → Account → Delete account.

STEP 2

Confirm it's you

Confirm with your password or biometrics, then tap Delete permanently. You'll get a confirmation email and a 7-day grace period to undo if you change your mind.

Captured-contact requests If you are not a Cya user but believe one of our users saved your contact information, email support@cyalater.app with your full name, the email address that was likely saved, and the event or company context if you remember it. We will search every workspace and remove your record without naming the user who saved it.

What happens after you ask

  1. We acknowledge within 72 hours. You get an email confirming we received the request and the reference number we will use to track it.
  2. We verify your identity. For account holders, the email on file is enough. For captured contacts, we may ask one or two clarifying questions to make sure we delete the right record and not someone else's.
  3. We delete from production within 30 days. Your data is removed from live systems, search indexes, caches, and any third-party processors that hold it on our behalf.
  4. We rotate it out of backups within 35 days after that. Backups are encrypted and overwritten on a rolling cycle.
  5. We confirm completion in writing. You receive a final email itemizing what was deleted and what was retained under a legal hold, with the legal basis for any retention.

Third parties we instruct to delete

When we delete your data, we also issue deletion instructions to the sub-processors that handled it on our behalf, including:

  • Cloud infrastructure (compute, storage, databases);
  • Email and notification providers (transactional mail, push);
  • Customer support tools (helpdesk, ticketing);
  • Analytics and error monitoring;
  • Payment processors (subject to financial-record retention).

If you previously synced contacts to a CRM you control (for example, HubSpot or Salesforce), data already exported to that CRM lives under your control. We can disconnect the integration, but you must delete the records inside that CRM yourself or ask its support team. We will tell you exactly which integrations were active when we close out your request.

Your other rights

Deletion is one right among several. Depending on your jurisdiction you may also have the right to:

  • Access. Get a copy of the personal data we hold about you, in a portable format.
  • Rectification. Correct inaccurate or incomplete data.
  • Restriction or objection. Pause or limit certain processing.
  • Withdraw consent. For any processing that relied on consent, with effect going forward.
  • Lodge a complaint. With your national data-protection authority (in the EU, the supervisory authority where you live or work).

To exercise any of these, email support@cyalater.app. There is no charge for a first request in any 12-month period; for repeat or manifestly excessive requests we may charge a reasonable fee or refuse, in which case we will tell you why.

When we may decline a request

In a small number of cases we are required to keep data and will explain in writing if we cannot fully delete it. The most common reasons are:

  • compliance with a tax, accounting, or other legal obligation;
  • establishing, exercising, or defending a legal claim;
  • preventing fraud, abuse, or unauthorized access;
  • an unverifiable request where we cannot confirm you are the person the data relates to.

If we decline in part, the rest of your data is still deleted on the standard timeline.

Changes to this page

If we change how data deletion works, we will update this page and bump the effective date at the top. For material changes we will also notify active account holders by email.

Make a deletion request

For your security, deletion is confirmed inside the Cya app where we can verify it's really you. Tap below to open Cya straight to the confirmation screen — no forms, no follow-ups.

Delete my data in the app or open Cya · Settings → Account → Delete account

Don't have the app? Download for iOS · Download for Android