Data Deletion Instructions
This page is required by Meta (Facebook + Instagram) for app review. Public URL when live: https://nexusdijital.com/data-deletion
You have full control over your data on Nexus Dijital. This page explains how to delete it.
Option 1 — Delete from inside the app (recommended)
- Log in at https://app.nexusdijital.com.
- Open Settings → Account.
- Click Delete my account.
- Confirm with your password or passkey.
- A 30-day grace period begins — you can cancel by logging back in within that window.
- After 30 days, all personal data is permanently erased, except: - Records we must retain by Turkish tax law (invoices, 10 years) - Anonymized audit logs (365 days, no PII) - Encrypted backups (auto-purged after 30-day retention)
You will receive a confirmation email when deletion completes.
Option 2 — Delete only Facebook / Instagram connection
If you only want to disconnect a Facebook Page or Instagram account from Nexus Dijital but keep your account:
- Log in at https://app.nexusdijital.com.
- Open Brand → Connections.
- Find the platform connection (Facebook Page or Instagram account).
- Click Disconnect.
- We immediately delete the encrypted OAuth tokens, page IDs, and analytics caches tied to that connection. Posts already published remain on the platform; only the connection metadata is removed from our system.
You can also revoke access directly from Facebook → Settings → Business Integrations or Instagram → Settings → Apps and Websites, which will likewise invalidate our access on the platform's side.
Option 3 — Email request
Email [email protected] from the email address on your account with the subject "Data Deletion Request".
We will: 1. Acknowledge within 48 hours. 2. Verify your identity (we may ask you to confirm by replying from the registered email). 3. Process the deletion within 30 days (per KVKK Art. 13 and GDPR Art. 12). 4. Send you a written confirmation of deletion.
If your request relates only to data we received from Facebook/Instagram, state that in the request — we'll process that subset only.
What data is deleted
When you delete your account, we remove:
- Your profile (name, email, avatar, locale)
- Your authentication credentials (passkeys, password hash, MFA secret)
- Your Workspace(s) and Brand(s) you own (if shared with others, you may need to transfer ownership first — we will guide you)
- Brand KB content, brand assets, generated content history
- Connected social account metadata and OAuth tokens
- Comments / DM cache
- Billing and payment-method tokens (we do not store card numbers; tokens are revoked at iyzico / Stripe)
- AI learning signals (anonymized)
- Open support tickets (anonymized)
- Notification logs
What we keep, and why
- Tax-related records (invoices, receipts, e-fatura references) — retained 10 years per Turkish tax law (VUK Madde 253). These contain your billing identifier (Workspace ID, name, billing address, tax ID, amount). They do not contain credentials or content.
- Anonymized audit logs — 365 days, no PII, used for security investigations.
- Aggregated analytics — fully anonymized, no individual identifiers, retained indefinitely.
After the legal retention windows, even these records are erased.
Backups
Encrypted backups of our database may contain your data for up to 30 days after deletion (our standard backup retention). We do not restore deleted users' data from backups except where required by law (e.g., a court order). After 30 days, backups containing your data are rotated out and overwritten.
Verification
To confirm your data has been deleted, email [email protected] after the deletion is complete. We will provide a deletion certificate.
Questions
- Email:
[email protected] - DPO:
[email protected] - Mailing address: ARK 399 BLOK, N:399-1-1 Suadiye Mahallesi, Istanbul (Anatolia) 34730, Turkey
Last updated: May 12, 2026