Data Deletion

Your right to be forgotten

Under Article 17 of the GDPR (and equivalent laws in other jurisdictions), you can ask Steward Brand to permanently delete your account and all associated personal data. This page explains exactly how to do that and what gets erased.

Option 1 — Self-service from inside the app

1. Sign in at stewardbrand.com/login.
2. Go to Settings → Account → Delete account.
3. Confirm by typing DELETE in the confirmation field.
4. You'll receive a confirmation email at the address on file.

Deletion is final and irreversible. Data is purged within 30 days of your request and OAuth tokens are revoked immediately.

Option 2 — Email request

If you cannot sign in or prefer to make the request in writing, email stewardbrandofficial@gmail.com from the address associated with your account, with the subject line "GDPR data deletion request". We respond within 30 days, as required by GDPR Art. 12(3), with confirmation of deletion (or a justified refusal).

Option 3 — Revoke our access from each platform

You can also revoke our app's access to a specific connected platform without deleting your Steward Brand account. Once you revoke from the platform side, the corresponding tokens we hold become useless and we'll delete them on the next sync.

• Facebook / Instagram — Settings → Business Integrations → remove "Steward Brand"
• LinkedIn — Settings → Data Privacy → Permitted Services
• TikTok — Settings → Manage app permissions
• YouTube / Google — Google Account → Third-party apps with account access

What gets deleted

• Your user account, name, email, and password hash
• All OAuth tokens, refresh tokens, and platform identifiers we received from connected platforms
• Brand documents, media assets, posts, drafts, ideas, briefs, generated content, and approval history that you owned
• AI agent logs, event logs, and metric snapshots tied to your account
• Sessions, API keys, and any encrypted AI provider credentials you stored

What may be retained (and why)

• Invoices and tax records — kept for the period required by Portuguese tax law (typically 10 years), in line with GDPR Art. 17(3)(b).
• Aggregated, fully de-identified analytics — kept indefinitely as it no longer constitutes personal data.
• Backups — encrypted snapshots may contain your data for up to 35 days after deletion until backup rotation overwrites them.
• Posts already published to a third-party platform — those copies live on that platform, not on our servers; you must delete them from the platform directly.

Multi-tenant note

If you are the sole owner of a workspace (Company), the workspace and all its content are deleted with you. If the workspace has other members, your personal account and your authored content are removed but the workspace itself is reassigned to the next eligible owner. Any content you co-authored that is still in use by other members may be attributed as "deleted user".

Meta automated callback (for reviewers)

Our Facebook app implements the official Data Deletion Request Callback at https://stewardbrand.com/api/data-deletion. When a user removes our app from their Meta account, Meta posts a signed request to that endpoint; we verify the signature with the app secret, queue the user's data for deletion, and respond with a confirmation code and a status URL. You can check the status of any request at https://stewardbrand.com/data-deletion/status?code=<code>.

Right to complain

If you believe we have not handled your deletion request properly, you have the right to lodge a complaint with your local data-protection supervisory authority. In Portugal: Comissão Nacional de Proteção de Dados (CNPD).

Related documents

• Privacy Policy
• Terms of Service
• Cookie Policy