DATA RETENTION & DELETION POLICY
Effective Date: 01-12-2025
1. PURPOSE
This policy outlines:
- How long Gabify retains different categories of data
- Deletion procedures
- Institutional rights
- Parental and client rights
2. RETENTION PERIODS
| Data Type | Retention Duration | Notes |
|---|---|---|
| Institution account data | Duration of contract + 5 years | For audit/legal compliance |
| Clinician user accounts | Duration of employment + 3 years | |
| Child/patient assessment summaries | As required by institution (default: 3–7 years) | Healthcare compliance varies |
| Audio/video recordings | 6–24 months (customizable) | Deletable upon request |
| AI training data (de-identified) | Perpetual | Cannot be re-identified |
| System logs | 12–24 months | Security purposes |
| Consent records | Minimum 3 years | Legal requirement |
| Financial records | 7–10 years | Tax audit compliance |
3. DELETION PROCEDURES
Deletion may be:
3.1 User-Initiated
Through enterprise admin request.
3.2 Parent/Guardian Request
Limited to:
- Audio/video
- Uploaded questionnaires
- Personal identifiers
3.3 Automatic Deletion
Based on retention schedules.
3.4 Partial Deletion
Some data may remain anonymized for:
- AI training
- Research
- Analytics
4. EXCEPTIONS
Data may be retained longer when:
- Required by law
- Required for legal defense
- Under investigation
- Needed for operational integrity
5. POST-DELETION LIMITATIONS
User acknowledges:
- Deleted data may not be recoverable
- Backups may retain encrypted copies until overwritten
- AI training data (de-identified) is not reversible
6. CONTACT FOR DELETION REQUESTS
Request via Institution or directly:
info@gabify.life