We retain personal information only as long as reasonably necessary for the purpose it was collected, the business need, and applicable legal obligations. We do not retain personal information indefinitely. When a retention period ends, data is deleted or de-identified through automated processes.
| Data category | Purpose | Retention period | Deletion trigger/method |
|---|---|---|---|
| Uploaded documents & photos | In-session document analysis | Not retained — processed in memory only, cleared promptly (target ≤ 1 hour) | Automatic session clearing; never persisted |
| Chat conversations (messages + AI responses) | In-session responses & continuity | Not retained after your session ends — processed in-session only | Automatic session clearing; never persisted to our servers |
| Student profiles | Personalize guidance | While account active; deleted 12 months after cancellation, final purge by 18 months | Automated; cascade on account deletion |
| Account information (email, display name, credentials) | Provide the service | 18 months after cancellation | Automated; immediate on account-deletion request |
| Case Tracker data (opt-in: dates, goals, notes, summaries) | User-elected case tracking | While enabled; deleted on disable or account deletion; inactive records purged after 24 months | User-initiated + automated minimization purge |
| Subscription/payment records | Billing, tax, accounting | Up to 7 years (tax code / PCI-DSS) | Per Stripe + legal obligation |
| Analytics & usage data | Improve the Platform | 12 months | Automated deletion |
| Support tickets / correspondence | Customer support | 12 months after closure | Automated deletion |
| System & security logs | Security, abuse prevention | 12-month rotation | Automated rotation |
| Audit log (rights actions, deletions, purges) | Evidence that rights/retention ran | Retained for evidentiary/compliance purposes | Append-only; not user-deletable |
| Marketing email contacts | Marketing communications | Until you unsubscribe | On unsubscribe |
| De-identified / aggregated data | Quality improvement | May be retained indefinitely (no longer personal data) | N/A |
Deletion is performed by automated jobs and, where applicable, by irreversible cryptographic deletion. Some information may persist briefly in encrypted backups, which rotate and expire on a defined cycle. We confirm completion of user-initiated deletions and provide deletion verification on request.
You may at any time, from Account Settings: export all of your data; delete your Case Tracker data (without affecting your account); or delete your entire account (which cascades to your profiles and Case Tracker data). Data-export requests are fulfilled within 10 business days.
We may retain information longer where required to comply with a legal obligation, resolve disputes, enforce agreements, or meet tax/accounting/regulatory requirements, and may retain de-identified data indefinitely.
This Policy implements IEPVue's retention commitments under FTC Act §5 and supports compliance with the FTC Health Breach Notification Rule and applicable state privacy laws (notably the Maryland Online Data Privacy Act's data-minimization requirements). It meets the COPPA written-retention standard as a voluntary baseline, although COPPA does not apply to IEPVue.