Data Retention Policy v4.1 — Automated Purge Procedures. Customer personally identifiable information (PII) shall be automatically purged from all production systems 24 months after the last recorded account activity. Account activity is defined as any authenticated login, API call, document upload, or query execution. The automated purge process runs daily at 02:00 UTC and processes accounts in batches of 500 to minimise system load. Prior to purge, a 30-day warning notification is sent to the account email address and to the designated data controller for the organisation. If no activity occurs during the 30-day warning period, the purge proceeds irreversibly. Purged data includes user profile information, uploaded documents, query history, and associated embeddings. Aggregate, anonymised usage statistics are retained indefinitely for product improvement purposes. Audit logs recording the purge event (including the account identifier, purge timestamp, and categories of data deleted) are retained for 7 years in the compliance archive. The purge process is validated quarterly through reconciliation checks comparing purge logs against the production database.