Data Retention Policy

This Data Retention Policy describes how ITLOX Inc. retains, manages, and deletes data within the RadMah AI platform. It applies to all data stored by RadMah AI in connection with customer Accounts, including: — Reference Datasets uploaded by customers — Synthetic data outputs and generated artefacts — Evidence bundles and Contract K artefacts — Account data, job metadata, and usage records — Billing records and financial data — System logs and audit trails This policy should be read in conjunction with our Privacy Policy (www.radmah.ai/legal/privacy) and Data Processing Addendum (www.radmah.ai/legal/dpa). In the event of any conflict between this policy and the Privacy Policy, the Privacy Policy shall prevail with respect to personal data retention.

The table below sets out the default retention periods for each category of data. Where a range is shown in the "Configurable" column, those limits can be adjusted per-tenant by an Account administrator within the platform settings or, for Enterprise customers, via the admin configuration API.

Account administrators can customise retention periods for the following data categories within the configurable ranges in the table above: — Generation jobs — Reference Datasets — Generated Outputs To configure custom retention periods: (a) Navigate to Account Settings > Data Retention in the RadMah AI dashboard; or (b) Use the RadMah AI Admin API (Enterprise accounts): PATCH /admin/tenant/{tenantId}/retention Configuration changes take effect prospectively. Reducing a retention period does not immediately purge data already within the previous retention window — the next scheduled purge cycle will apply the new policy to data that has now exceeded the configured period. Enterprise customers requiring retention periods beyond the standard configurable maximum (for example, indefinite evidence bundle retention for long-term compliance programmes) should contact their Account Manager or legal@radmah.ai.

RadMah AI's data lifecycle management system automatically purges data that has reached the end of its configured retention period during nightly maintenance windows (UTC 02:00–04:00). Automated deletion: — Is triggered by retention period expiry, not by inactivity — Is permanent and irreversible once executed — Applies independently to each data category on its own schedule — Generates an audit log entry recording the purge event, data category, tenant ID, and timestamp (the purge log entry itself is retained for 7 years) Auto-deletion is opt-in for Reference Datasets and Generated Outputs. The default behaviour is to retain data up to the configured maximum period. Customers who wish to enable automatic deletion at the end of the retention period must explicitly enable "Auto-purge on expiry" in Account Settings > Data Retention. Evidence bundles are excluded from auto-deletion by default due to their regulatory and audit significance. Auto-deletion of evidence bundles must be explicitly enabled and requires Account administrator confirmation.

When an Account is closed — whether voluntarily by the customer or by RadMah AI for cause — the following procedure applies: Grace Period (30 days): Following Account closure, data enters a 30-day grace period during which it remains accessible to the Account administrator for export purposes only. No new jobs can be submitted during the grace period. Permanent Purge: At the end of the 30-day grace period, all customer data in scope is permanently and irreversibly deleted from live systems. This includes: — All Reference Datasets — All Generated Outputs — All evidence bundles (subject to the note below) — All job metadata — User profile data (subject to legally required retention) Evidence Bundle Exception: Evidence bundles that have not yet reached 7 years from their creation date are retained for the remainder of the 7-year period even after Account closure, to allow for future audit or regulatory requests. These bundles are retained in an isolated, access-restricted archive and cannot be accessed or modified after Account closure. Backup Persistence: Data deleted from live systems may persist in database backups for up to 35 days from the date of deletion (the backup rotation cycle). After 35 days, the data will not be recoverable from backups. Export Before Closure: Customers are strongly advised to export all Required Datasets, Generated Outputs, and evidence bundles before closing their Account. The RadMah AI API provides bulk export endpoints for all data categories.

Individuals who have the right to erasure ("right to be forgotten") under GDPR Article 17 or equivalent legislation may submit erasure requests to privacy@radmah.ai. Processing window: RadMah AI will process verified erasure requests within 30 calendar days of receipt and identity verification. Scope of erasure: Upon a valid and verified erasure request, RadMah AI will delete: — Personal data in Account profiles, user records, and communications data attributable to the individual — Personal data in usage logs and telemetry attributable to the individual, to the extent technically feasible Limitations and exemptions: Erasure will not extend to personal data that RadMah AI is required to retain under applicable law, including: — Financial and billing records (7-year statutory retention) — AML/CTF screening records (7-year statutory retention) — Evidence bundles where retention is required for compliance purposes — Data needed to defend legal claims where proceedings are pending or threatened Where erasure cannot be fully executed due to these limitations, RadMah AI will notify the requester of the specific categories of data that cannot be erased and the legal basis for retention. Reference Dataset erasure: If Reference Datasets contain personal data and you request their deletion under GDPR Article 17, RadMah AI will delete the original Reference Dataset files from live storage. This does not automatically delete Generated Outputs produced from that data (which are synthetic and typically do not contain the original personal data). If you require Generated Output deletion as well, please state this in your erasure request. Backup delay: As noted in Section 5, deleted data may persist in database backups for up to 35 days. We are unable to selectively restore or purge individual records from backup snapshots.

By default, all customer data is stored in AWS us-east-1 (Northern Virginia, USA). RadMah AI does not replicate or store customer data in other AWS regions unless the customer has explicitly configured a data residency option. Enterprise customers may request an alternative primary data region (EU-West / Ireland, or AP-Southeast) for new data ingestion. Data residency configuration must be set at Account creation or via a formal migration request. Data residency does not affect the retention periods or purge procedures described in this policy. All data is encrypted at rest (AES-256) and in transit (TLS 1.3) regardless of region.

Enterprise customers may request a retention audit report confirming: — Current retention configuration per data category — Volume of data held per category (approximate) — Date of last purge cycle execution and any errors — Confirmation of evidence bundle retention status Retention audit reports are available via the Admin API or by request to legal@radmah.ai. Reports are generated on demand and delivered within 5 business days.

RadMah AI may update this Data Retention Policy to reflect changes in the platform, applicable law, or retention best practices. We will notify registered users of material changes by email at least 30 days before those changes take effect. The current version is always available at www.radmah.ai/legal/data-retention. Data retention questions: privacy@radmah.ai Enterprise retention configuration: legal@radmah.ai