Data Deletion Policy

Effective Date: December 17, 2025

Last Updated: December 30, 2025

This Data Deletion Policy describes how Nationwide Legal, LLC (“Nationwide Legal,” “we,” “us,” or “our”) processes requests for deletion or restriction of personal data in accordance with applicable privacy laws, including the California Consumer Privacy Act (“CCPA”), and outlines the procedures followed across systems under Nationwide Legal’s direct control.

This policy should be read together with our Terms of Service, Privacy Policy, and Security Policy.

1. Purpose

The purpose of this policy is to explain:

    • How data deletion requests are received, verified, and processed
    • The scope and limitations of data deletion across Nationwide Legal systems
    • Applicable legal exceptions permitting data retention or restriction
    • Timeframes and documentation practices associated with deletion requests

2. Scope

This policy applies to personal data processed by or on behalf of Nationwide Legal, including:

    • Personal data stored in systems directly operated and controlled by Nationwide Legal
    • Middleware platforms operated by Nationwide Legal in support of customer services
    • Downstream or legacy systems where Nationwide Legal has direct operational control
    • Applicable service providers acting on Nationwide Legal’s behalf under contractual obligations

This policy does not apply to systems or data controlled exclusively by customers or third parties outside Nationwide Legal’s control.

3. Request Intake

3.1 Submission Method

Requests for deletion of personal data may be submitted by data subjects or authorized customer representatives by contacting:

Email: security@nationwidelegal.com

3.2 Logging

All deletion requests are logged internally and include, where applicable:

    • Date the request is received
    • Requestor identity and verification status
    • Scope and nature of the request
    • Systems potentially impacted
    • Actions taken and completion status

4. Identity Verification

Prior to processing a deletion request, Nationwide Legal verifies the identity and authorization of the requestor using reasonable and proportionate methods designed to prevent unauthorized or fraudulent deletion, which may include:

    • Matching contact information on record
    • Confirmation from an associated customer account administrator
    • Internal customer verification procedures

Requests that cannot be verified are not processed until verification is completed.

5. Data Deletion and Restriction Procedures

5.1 Systems Under Direct Control

For systems directly operated and controlled by Nationwide Legal, personal data is deleted from active systems where feasible, which may include:

    • Application databases
    • API data stores
    • Cached or derived data sets
    • Access credentials and authentication tokens

Operational, security, and audit logs may be retained in an access-restricted or anonymized form where retention is necessary for security monitoring, legal compliance, audit, or dispute resolution purposes.

5.2 Downstream and Legacy Systems

Certain downstream or legacy systems may retain historical records due to technical, architectural, legal, or operational constraints. In such cases, deletion may be implemented through restriction and suppression rather than immediate physical removal.

Where applicable, Nationwide Legal will take reasonable steps to:

    • Identify records associated with the data subject
    • Disable further active processing or use of the data
    • Restrict access to authorized personnel only
    • Retain data solely for purposes permitted by law, including legal compliance, transaction completion, audit requirements, or dispute resolution

This approach is consistent with applicable deletion exceptions under privacy laws such as the CCPA.

6. Backups and Archives

Personal data may exist in encrypted backup or archival systems maintained for business continuity and disaster recovery purposes.

    • Backup data is not actively processed
    • Deleted data is not intentionally restored into active systems
    • Backup data is retained and purged in accordance with standard retention schedules

7. Service Providers

Where personal data is processed by service providers acting on behalf of Nationwide Legal:

    • Providers are notified of applicable deletion or restriction requests
    • Providers are instructed to delete or restrict data in accordance with contractual obligations and applicable law
    • Where deletion is not feasible due to legal or operational constraints, providers are instructed to restrict processing to permitted purposes

8. Response to Requestors

Upon completion of the deletion or restriction process, Nationwide Legal provides confirmation to the requestor indicating that:

    • Personal data has been deleted from systems under Nationwide Legal’s direct control where feasible
    • Certain data may be retained in restricted systems where required by law or for legitimate business purposes
    • Retained data is not used for any purpose beyond those permitted under applicable law

9. Documentation and Audit

Nationwide Legal maintains internal records related to deletion requests, including:

    • Requests received
    • Actions taken
    • Systems impacted
    • Legal or operational exceptions applied
    • Completion dates

Such documentation is retained for compliance, audit, and accountability purposes.

10. Request Timeline

Nationwide Legal acknowledges verified deletion requests within a reasonable timeframe.

Deletion or restriction of personal data is completed within forty-five (45) days of verification, unless an extension is reasonably necessary due to the complexity or scope of the request.

Where permitted by law, this period may be extended by an additional forty-five (45) days, with notice provided to the requestor.

11. Policy Review

This Data Deletion Policy is reviewed periodically and updated as necessary to reflect changes in applicable laws, systems, or operational practices.