2.1 When the Right Applies

Under UK GDPR Article 17, you have the right to request deletion of your personal data where:

• The data is no longer necessary for the purpose it was collected.
• You withdraw consent and there is no other lawful basis for processing.
• You object to processing based on legitimate interests and there are no overriding grounds.
• The data has been unlawfully processed.
• Deletion is required to comply with a legal obligation.

2.2 How to Submit a Request

Send your erasure request to team@taskyn.co.uk. Include your full name and, where possible, the email address or other identifier associated with your data so we can locate your records efficiently.

2.3 Our Response Timeline

We will acknowledge your request within 5 business days and complete the deletion (or notify you of any applicable exceptions) within one calendar month. Where the request is complex or we receive a high volume, we may extend this by a further two months - we will notify you of any extension within the first month.

2.4 Scope of Deletion

On receiving a valid erasure request, Taskyn will:

• Delete or anonymise the personal data held in our own systems (including CRM records, email correspondence, and website analytics data that we control).
• Instruct our sub-processors to delete relevant data where we have the ability and authority to do so.
• Confirm completion to you in writing.

2.5 Exceptions

We may retain certain data where deletion would conflict with:

• A legal obligation (for example, retaining VAT records and billing data for 6 years under HMRC requirements).
• The establishment, exercise, or defence of a legal claim.
• A public interest archive or research purpose.

Where we rely on an exception, we will inform you and specify what data is retained and why.

2.6 Data Processed on Behalf of Clients

If your data is processed by Taskyn on behalf of one of our business clients, Taskyn is acting as a data processor and your erasure request should be directed to that client (the data controller) in the first instance. We will support our clients in responding to such requests as required under our Data Processing Agreement.

3.1 End of Engagement

When a client engagement ends - whether by expiry, notice, or termination - Taskyn will manage client data as follows:

3.2 Return of Data

Within 30 days of the engagement end date, and upon written request, Taskyn will:

• Provide a copy of any client-owned data held within Taskyn-managed workflow infrastructure (for example, stored records, logs, or API credentials provided by the client) in a structured, commonly used format where technically feasible.
• Provide documentation of the workflow configurations built for the client to support migration to another provider.

3.3 Deletion of Workflow Data

Within 30 days of the engagement end date (unless a longer retention period is agreed in writing or required by law), Taskyn will:

• Deactivate all active automation workflows associated with the client.
• Delete or securely destroy client data held within Taskyn-managed workflow systems, including n8n Cloud workflow data, API credentials, and any integration tokens.
• Remove the client's access credentials from Taskyn's secret managers.
• Confirm deletion to the client in writing.

3.4 Residual Data in Backups

Client data may persist in encrypted system backups for up to 90 days following deletion from live systems. These backups are held securely and are overwritten on a rolling cycle. We do not restore deleted client data from backups except where legally required.

3.5 Data Retained After Offboarding

Taskyn may retain the following data after an engagement ends, in accordance with our legal obligations:

• Billing records, invoices, and payment history: 6 years (UK tax and accounting law).
• Contract and correspondence records: 6 years from engagement end (limitation period for contract claims).
• Communications relevant to a legal claim or regulatory inquiry: for the duration of that matter.

4.1 Requesting Deletion of Your Meta Platform Data

If you believe Taskyn holds personal data about you that was obtained via a Facebook Page, Instagram Business account, or WhatsApp Business account operated by one of our clients, you may request deletion by emailing team@taskyn.co.uk with the subject line "Meta Platform Data Deletion Request."

To help us locate your data, please include:

• The business or Page you interacted with (for example, the Facebook Page name or WhatsApp Business number).
• Your name and the contact identifier used in that interaction (email, phone number, Instagram handle, or Facebook profile name).
• A brief description of the data you want deleted (for example, message history, contact details).

4.2 Our Response

We will acknowledge your request within 5 business days and complete deletion within one calendar month. Because Taskyn typically acts as a data processor for Meta Platform data on behalf of our business clients, we will:

• Delete the relevant data from Taskyn-managed workflow systems (including n8n Cloud).
• Revoke any stored access tokens and remove conversation records held in our infrastructure.
• Notify the relevant client (the data controller) of your request so they can take any further action required on their own systems.
• Confirm completion to you in writing.

4.3 Removing Taskyn's Access to Your Meta Accounts (for Businesses)

If you are a business client who connected a Facebook Page, Instagram Business account, or WhatsApp Business account to a Taskyn workflow and you want to revoke that access:

• Facebook and Instagram: go to Facebook Settings, then Business Integrations (facebook.com/settings?tab=business_tools), locate the "AtoB automation" app, and select Remove. This revokes Taskyn's access tokens immediately.
• WhatsApp Business: in Meta Business Suite, go to Settings, then Business Assets, then WhatsApp Accounts, select the relevant account, and remove Taskyn's system user or app access.

After you remove access, email team@taskyn.co.uk to confirm and we will delete any residual data held in Taskyn systems within 30 days, subject to the backup cycle described in section 3.4 and any legal retention obligations in section 3.5.

4.4 Residual Data

As described in section 3.4, deleted data may persist in encrypted backups for up to 90 days before being overwritten. We do not restore deleted Meta Platform data from backups except where legally required.