Data deletion

If you have a Unit account

The fastest path is the in-app delete button, which runs the deletion synchronously and signs you out immediately:

1. Sign in at ctrunit.app.
2. Open Settings → scroll to Delete your account.
3. Confirm by retyping your email when prompted. Your account is signed out everywhere within seconds.

You can also email [email protected] from the address you signed up with — we'll process the deletion within five business days and confirm by reply.

What happens to your account data

• Your email address is anonymised to deleted-<id>@removed.invalid so you can sign up again later with the same address.
• Your name, display name, phone, avatar, and stored preferences are wiped from the active system in the same operation.
• Your account is deactivated immediately — every session is invalidated and any active sign-in stops working on the next request.
• Encrypted backups taken before the deletion are retained for a maximum of 30 days, after which the oldest backup containing your data is overwritten by the rolling pruner. We don't restore deleted data from backup unless ordered to by a competent authority or as part of a disaster recovery exercise.
• Append-only audit log entries that name you (e.g. auth.login_success) keep your email hash for security accountability — never your raw address — for the audit retention window (currently 90 days).

If you own a workspace

A workspace owner can delete the whole workspace. This does NOT delete the owner's account — that's a separate action.

1. Sign in as the workspace owner. Only the owner can delete; admins and agents can't.
2. Open Settings. The Delete this workspace card appears for owners.
3. Confirm by retyping the workspace name.

Conversations, channels, products, and history are kept for a 30-day recovery window and then purged automatically. During that window, the Unit team can help restore the workspace; once purged, restoration is not possible.

If you're an end customer (not a Unit account holder)

If you messaged a business that uses Unit, your messages flowed through Unit on the business's behalf. Unit acts as a data processor for that business; the business is the data controller. To request deletion of the messages they hold about you:

1. Contact the business directly first. They control their workspace and can delete your conversation thread immediately. Their privacy policy or contact page should list a deletion email.
2. If the business is unresponsive, email [email protected]. Tell us the business name (or their WhatsApp number) and the phone number you messaged from. We'll forward your request to the business and delete on our side within five business days regardless of their response.

We're required to honour deletion requests under GDPR (EU customers), the UK GDPR, the Ghana Data Protection Act 2012, the CCPA (California customers), and equivalent local laws.

What we keep regardless

A short list of records that survive deletion because we're legally required to or because deleting them would compromise the safety of other users:

• Aggregated, non-identifiable analytics. Counts of messages, signups, latency percentiles, etc. — never tied back to an individual.
• Tax / billing records. Once we start charging, invoices are retained for 7 years per Ghana Revenue Authority requirements.
• Security-incident records. If your account was implicated in a security investigation (abuse, credential stuffing, etc.) we retain a hashed reference for the duration of the investigation.

How long deletion takes

• Self-serve in-app: seconds.
• Emailed request: within 5 business days. We reply confirming the deletion.
• Backup expiry: 30 days from the deletion timestamp.
• Hard purge of soft-deleted workspaces: 30 days after the owner clicks delete.

Questions or escalations

Email [email protected]. If you're in the EU and unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Ghana, the supervisory authority is the Data Protection Commission (dataprotection.org.gh).