Account & data deletion
You can request deletion of your Nemesis Labs account and any associated personal data at any time, at no cost, and for any reason. This page explains how, what we delete, and what we are legally required to retain.
1. In-product deletion
If you have an active account at app.nemesislabs.xyz, sign in and go to Settings → Account → Delete account. The deletion runs immediately on confirmation. You will receive a confirmation email when it completes.
2. Email request (if you cannot sign in)
Email [email protected] with the subject line Account deletion request. Include:
- The email address associated with your account.
- Your name or organization name, if known.
- The product(s) you used (Blue, Red).
- (Optional) The reason. This helps us improve but is not required.
We will verify the request (typically by replying to the address on file and asking you to confirm) and process the deletion within 30 days. You will receive a confirmation email when it completes.
3. What gets deleted
- Account record: email, name, password hash, billing address.
- Device records: the per-install identifiers associated with your account, agent versions, and historical heartbeats.
- Detection telemetry: any opt-in behavioral telemetry tied to your account.
- Subscription records: tier, seat counts, and provider customer IDs are dissociated from you. The underlying Stripe / Paystack customer object is also deleted via their respective APIs.
- Support correspondence: tickets you have filed with us via [email protected].
- For Nemesis Red license holders: the license record is closed and any active Docker pull credentials revoked. The hash-chained audit logs for past engagements are retained (see Section 4 below).
4. What we are legally required to retain
We retain a minimum set of records to comply with legal obligations. After your deletion request these records are no longer associated with your active account; they exist only in cold storage and are accessed only under valid legal process.
- Tax and billing records: invoices and payment receipts, retained for the period required by tax authorities in our jurisdiction (typically 7 years in the U.S.).
- Nemesis Red audit logs: per-engagement hash-chained logs and consent attestations are retained for a minimum of 3 years from engagement close. This is required to defend against claims of unauthorized use and is disclosed at license issuance.
- Anti-fraud records: minimal markers (hashes of email addresses, IP-country bands at signup) retained to detect repeat fraudulent signups. No personal data is retained in these markers.
5. Local data on your device
Some data the Nemesis Blue agent processes never leaves your device. Deleting your cloud account does not delete local data. To delete local data:
- macOS: uninstall via
nemesisctl uninstall, which removes the agent, the system extension, and/var/lib/nemesis-blue/. - Linux:
sudo /opt/nemesis-blue/uninstall.sh. - Windows: uninstall via Control Panel → Programs, or via the .msi installer in repair-then-remove mode.
6. Re-activation
Once your account is deleted, it cannot be restored. You may sign up again with the same email at any time, but historical data (devices, detections, tier history) is permanently gone.
7. Questions
Email [email protected] with any clarification request. We respond within two business days.