IEPVue — Data Retention Policy

Effective: July 3, 2026  ·  Last Updated: July 3, 2026

1. Principle

We retain personal information only as long as reasonably necessary for the purpose it was collected, the business need, and applicable legal obligations. We do not retain personal information indefinitely. When a retention period ends, data is deleted or de-identified through automated processes.

2. Retention Schedule

Data categoryPurposeRetention periodDeletion trigger/method
Uploaded documents & photosIn-session document analysisNot retained — processed in memory only, cleared promptly (target ≤ 1 hour)Automatic session clearing; never persisted
Chat conversations (messages + AI responses)In-session responses & continuityNot retained after your session ends — processed in-session onlyAutomatic session clearing; never persisted to our servers
Student profilesPersonalize guidanceWhile account active; deleted 12 months after cancellation, final purge by 18 monthsAutomated; cascade on account deletion
Account information (email, display name, credentials)Provide the service18 months after cancellationAutomated; immediate on account-deletion request
Case Tracker data (opt-in: dates, goals, notes, summaries)User-elected case trackingWhile enabled; deleted on disable or account deletion; inactive records purged after 24 monthsUser-initiated + automated minimization purge
Subscription/payment recordsBilling, tax, accountingUp to 7 years (tax code / PCI-DSS)Per Stripe + legal obligation
Analytics & usage dataImprove the Platform12 monthsAutomated deletion
Support tickets / correspondenceCustomer support12 months after closureAutomated deletion
System & security logsSecurity, abuse prevention12-month rotationAutomated rotation
Audit log (rights actions, deletions, purges)Evidence that rights/retention ranRetained for evidentiary/compliance purposesAppend-only; not user-deletable
Marketing email contactsMarketing communicationsUntil you unsubscribeOn unsubscribe
De-identified / aggregated dataQuality improvementMay be retained indefinitely (no longer personal data)N/A

3. Deletion Method

Deletion is performed by automated jobs and, where applicable, by irreversible cryptographic deletion. Some information may persist briefly in encrypted backups, which rotate and expire on a defined cycle. We confirm completion of user-initiated deletions and provide deletion verification on request.

4. User Controls

You may at any time, from Account Settings: export all of your data; delete your Case Tracker data (without affecting your account); or delete your entire account (which cascades to your profiles and Case Tracker data). Data-export requests are fulfilled within 10 business days.

5. Exceptions

We may retain information longer where required to comply with a legal obligation, resolve disputes, enforce agreements, or meet tax/accounting/regulatory requirements, and may retain de-identified data indefinitely.

6. Legal Basis

This Policy implements IEPVue's retention commitments under FTC Act §5 and supports compliance with the FTC Health Breach Notification Rule and applicable state privacy laws (notably the Maryland Online Data Privacy Act's data-minimization requirements). It meets the COPPA written-retention standard as a voluntary baseline, although COPPA does not apply to IEPVue.

IEPVue provides general educational information about special education law and processes. It is not legal advice and is not a substitute for consultation with a qualified special education attorney. Topics involving due process, mediation, unilateral placement, or reimbursement claims require legal counsel. IEPVue is an AI-powered educational tool informed by expert knowledge. Information is based on federal and state regulations and may not reflect the most recent changes. Always verify information with your local school district or state education agency.

Privacy Policy Terms of Use Information Security Data Retention How We Use AI Contact

© 2026 Eccleston Education Consulting, LLC. All rights reserved.