ACE Cloud Legal · Draft

ACE Micro Cloud — Account & Data Deletion Policy

DRAFT — for Armored Gate / counsel review and approval before use. Not legal advice.

Google Play requires that any app with accounts provide a way to request **account
deletion and data deletion, reachable both in-app and via a public web URL**
that is submitted in Play Console (Data safety) and referenced in the Privacy Policy. The
URL, the Privacy Policy, and the page contents must all match. This draft specifies that
policy; it is grounded in the ACE-Cloud database schema and the current API surface.

Operator: Armored Gate, LLC Web deletion URL (to publish): https://armoredgate.com/ace/delete [CONFIRM final URL] Deletion request contact: privacy@armoredgate.com

1. How to request deletion

In-app: Settings → Account → Delete account (initiates the request and confirms).

Web (no app / already uninstalled): visit [CONFIRM URL] and submit your account email (and, if available, device ID). We verify ownership before deleting.

Email: send a request to privacy@armoredgate.com from your account email.

2. What gets deleted

On a verified deletion request, we delete or irreversibly anonymize the personal data associated with your account:

specs) and their link to you.

lawful records where separate).

Implementation note (audit → build gap). The database is designed so that deleting a
device cascades its metrics, assignments, and earnings links, and clearing the owner sets
device ownership to null. However, there is **no dedicated public "delete my account +
all data" endpoint in the current API** — only device-level and consent-revocation
deletes exist. **Before Play submission, a self-service deletion endpoint/flow (in-app +
the web URL) must be built and verified** so this policy is truthful. This is a launch
blocker; see README decisions.

3. What we retain, and why (legal / financial exceptions)

We may retain a limited set of data after account deletion, only as long as required:

records are retained for the period required by tax and financial-recordkeeping law (and by Stripe's obligations as payments processor). [CONFIRM retention period, e.g. 7 years, with counsel.]

of previously-banned actors) may be retained.

rotation cycle.

Stripe's retention and deletion policy; request deletion of that directly with Stripe where permitted. We delete our stored Stripe account ID reference.

Retained financial/tax records are minimized and access-controlled, and are not used for any purpose beyond the legal obligation.

4. Timeline

legal-retention exceptions in §3, which is deleted when its retention period ends.

5. Partial deletion / alternatives

You may instead:

org) without full deletion.

6. Verification & abuse-prevention

We verify that the requester controls the account (e.g. confirmation from the account email) before deleting, to protect you from malicious deletion requests.

7. Contact

privacy@armoredgate.com · [CONFIRM postal address]


Play Console fields this document satisfies

URL**.