AimVisibleLegal
AimVisible · Legal

Data deletion instructions

Effective 4 May 2026

AimVisible holds two categories of information that you can ask us to delete: operator account data (the email, name, role, and audit trail of someone who logs in to the Platform), and brand-connected data (information a brand has authorised the Platform to read from Shopify, Meta, Google Ads, Klaviyo, Gmail, or any other connected system).

This page describes how to request deletion of either, what actually happens when you do, and how long it takes. The same process applies whether your request originates from a Meta consent page, a Google Ads operator, a brand wishing to wind down an engagement, or an individual exercising rights under the Privacy Act, GDPR, or CCPA.

I

How to request deletion

Send an email to privacy@aimvisible.com from the email address associated with the account or engagement. Include the following so we can locate your records and confirm authority:

  • Who you are — operator name and email, or brand name and the email of an authorised representative.
  • What to delete — the operator account, a specific brand's data, a specific connected platform (e.g. "disconnect Meta and delete the cached ad performance data"), or all of the above.
  • Reason (optional) — for example "ending engagement", "data subject request", "Meta consent revocation".
  • Authority — for brand-level deletions, confirmation that you are authorised to act on the brand's behalf. We may ask for additional verification.

Alternatively, brand operators with admin role on a tenant can initiate deletion from inside the Platform: open the brand's Connections page, click the connected platform, and use "Disconnect and remove data". This revokes our access tokens and queues the cached data for deletion under the schedule below.

For Meta users specifically: if you have authorised AimVisible via Facebook Login and you wish to revoke that authorisation, you can also do so directly in your Facebook account at Settings & Privacy → Settings → Apps and Websites. Revoking from Facebook will trigger a deletion request to AimVisible automatically.

II

What gets deleted

When we receive a verified deletion request, we will:

  • Revoke any active access tokens for the connected platforms in scope.
  • Delete the cached records pulled from those platforms — orders, ad performance rows, customer profiles, email engagement events, ad creative metadata, email-thread summaries, and any AI-generated artefacts derived from them.
  • Delete any brand-uploaded assets (logos, product photos, fonts) stored in the Platform.
  • Delete operator session records and personal-account information, where the request is for operator-level deletion.
  • Remove the brand from any future scheduled deliverables and disable webhooks.

Some records are retained in a limited, de-identified form for legal and security obligations:

  • Audit log entries — recording that an action was taken on a given date — are retained for seven years to satisfy security and dispute-resolution obligations. They are stripped of personal identifiers before retention.
  • Aggregate, anonymised analytics that cannot be tied back to any individual or brand may be retained indefinitely.
  • Records held under a legal hold (e.g. a regulatory request or pending litigation) are retained until the hold is released.

We do not sell personal information and have not done so. There is no third-party recipient to whom we need to forward your deletion request, beyond our sub-processors. The current sub-processor list is in section IV of our Privacy Policy.

III

Timeline

Acknowledgement
Within 3 business days of receipt.
Verification
Up to 7 calendar days, where additional confirmation of authority is needed.
Token revocation
Within 24 hours of verification.
Cached data deletion
Within 30 calendar days of verification.
Sub-processor cascade
Within 60 calendar days for any record propagated to a third-party sub-processor (e.g. cached error reports in Sentry).
Confirmation
We will send a confirmation email to the originating address once deletion is complete.

For Meta users following an automated deletion callback from Facebook, our deletion endpoint returns a confirmation URL and tracking code that Facebook surfaces to you within Facebook itself. The same 30-day cached-data deletion window applies.

IV

Things to know

Once data is deleted, we cannot restore it. If you reconnect a previously deleted brand to AimVisible, we will sync fresh data from the connected platforms — but historical analyses, weekly briefs, and AI-generated artefacts that depended on the deleted records will not return.

Deleting AimVisible's cached data does not delete the source data on the connected platform itself. Your Shopify orders, Meta ad accounts, Klaviyo subscribers, and so on remain on those platforms regardless of whether AimVisible holds a copy. To delete data at the source, follow each platform's own deletion process.

Deleting an operator account does not, on its own, delete the data of brands that operator was assigned to. To delete a brand's data, the request must come from someone authorised on that brand's behalf.

V

Contact

All deletion requests: privacy@aimvisible.com. General questions: hello@aimvisible.com. We aim to respond within three business days.