IEPVue is committed to responsible data stewardship and the privacy rights of individuals, particularly children under 13. This Data Retention Policy describes what personal information we collect, how long we retain it, and the procedures we follow to securely delete data when retention periods expire.
This policy is required by the Children's Online Privacy Protection Act (COPPA) and its 2025 amendments, which establish stringent requirements for data minimization, retention limits, and deletion procedures for operators serving children under 13.
All retention periods referenced in this policy are measured from the date data is collected, unless otherwise specified. Deletion timelines apply to both active accounts and accounts that have been cancelled or suspended.
IEPVue retains personal information only for the duration necessary to provide our services and comply with legal obligations. The following schedule details retention periods for each category of data we collect:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account Information (Email address, name, display name, profile photo) |
Retained while account is active. Deleted 18 months after account cancellation, following 30-day cancellation warning period. | Irreversible cryptographic deletion from all systems including backups. |
| Student Profiles (Student nickname, grade, school, county, educational concerns) |
Retained while account is active. Deleted 12 months after account cancellation with permanent deletion at 18 months. | Irreversible cryptographic deletion; all references removed from system logs. |
| Chat Data (Conversation history with AI assistant) |
Retained for 12 months from creation, then automatically deleted. | Automatic deletion via scheduled data purge processes. |
| Document Uploads (IEP documents, evaluation reports, school records) |
Ephemeral — not retained in persistent storage. Processed only in-memory during active sessions. | Auto-purged from memory at session end; never written to disk or backup. |
| Subscription & Payment Data (Transaction history, payment method last 4 digits) |
Retained for 7 years per tax code and PCI-DSS compliance requirements. | Secure purge after 7-year retention window; handled via Stripe's secure deletion process. |
| Feedback & Support Alerts (De-identified feature requests, bug reports) |
Retained indefinitely in de-identified form for product improvement purposes. | Permanently retained; never contains personal identifiers. |
| Authentication Tokens (Session tokens, OAuth refresh tokens) |
Session-based (default 24 hours); automatically invalidated at expiration. | Automatic revocation and purge from token store at expiration. |
| Analytics & Usage Data (Feature usage, page views, performance metrics) |
Retained for 12 months, then automatically deleted. | Automatic deletion via scheduled purge processes. |
| Email Marketing Preferences (Newsletter subscriptions, email addresses for marketing) |
Retained until user unsubscribes; deleted within 30 days of unsubscribe request. | Immediate deletion from mailing list and analytics systems. |
| Support Tickets & Help Requests (User-submitted support inquiries) |
Retained for 12 months after ticket closure for reference and quality assurance. | Secure deletion after 12-month retention window. |
| Logs & Audit Records (System activity logs, security audit trails) |
Retained for 12 months for security and compliance monitoring purposes. | Automatic deletion via log rotation and purge processes. |
IEPVue employs automated systems to delete data at the end of each retention period without manual intervention. Automated deletion applies to:
Automated deletion processes run on a recurring schedule and verify successful deletion to ensure no residual data remains.
When a user cancels their account:
IEPVue maintains backup systems for disaster recovery and business continuity. Deleted data is removed from:
We may retain data longer than specified in this policy if required by law, including:
Data that has been anonymized and de-identified such that it cannot reasonably identify an individual may be retained indefinitely, including:
Data necessary to provide active services or fulfill user requests is retained for the duration of the engagement, even if the standard retention period would expire sooner.
Parents and guardians have the right to request a copy of their personal information and their child's information before deletion occurs. To request a data export, email [email protected] with "DATA EXPORT REQUEST" in the subject line.
To request a manual export, users may contact us at the address provided in Section 7. We will provide a complete data export within 10 business days of request at no charge.
This Data Retention Policy is reviewed annually to ensure compliance with evolving COPPA requirements, state privacy laws, and industry best practices. We may update retention periods if:
Parents and guardians will be notified of material changes to this policy via email and updated notice on our website. The effective date will be updated to reflect any policy changes. Continued use of IEPVue following notification constitutes acceptance of policy updates.
For questions about this Data Retention Policy, data deletion requests, export requests, or concerns about our data handling practices, please contact:
Eccleston Education Consulting, LLC
Service: IEPVue
Email: [email protected]
Location: New Market, MD 21774
Response Timeline: We will acknowledge your request within 24 hours and provide a substantive response within 10 business days.
FTC Complaints: If you believe IEPVue is not complying with COPPA or this policy, you may file a complaint with the Federal Trade Commission at reportfraud.ftc.gov.
© 2026 Eccleston Education Consulting, LLC. All rights reserved.
IEPVue Data Retention Policy | Effective April 1, 2026