Data Retention Policy
Last updated: September 6, 2025
This Data Retention Policy explains how long Tendral Health retains different types of data, our retention criteria, and what happens to data when retention periods expire. We balance business needs, legal requirements, and user privacy in our retention practices.
Retention Principles
We retain data only as long as necessary for its intended purpose, ensuring proportionality, transparency, and compliance with all applicable regulations.
Data Lifecycle
Active Data
Data actively used for platform operations, fully accessible with regular backups and security monitoring. This includes current user accounts, ongoing surveys, and recent transactions.
Archived Data
Data stored for compliance and backup purposes with limited access and reduced functionality. Moved to long-term storage after active use period ends.
Deleted Data
Data securely deleted after retention periods expire, with overwriting of storage media and certification of deletion available upon request.
Data Categories and Retention Periods
User Account Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Profile Information | 2 years after account closure | Compliance, fraud prevention |
| Authentication Data | 1 year after account closure | Security, audit trails |
| Communication Preferences | Until account closure | Service delivery |
Survey Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Survey Responses | 2 years or client-controlled | Research, analytics |
| Survey Metadata | 3 years | Platform improvement |
| Aggregated Analytics | 5 years | Business intelligence |
Financial Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Payment Records | 7 years | Tax compliance, auditing |
| Tax Forms (1099s) | 7 years | Tax compliance |
| Subscription Data | 3 years | Business analysis |
Technical Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Server Logs | 90 days | Security, troubleshooting |
| Error Logs | 1 year | Platform improvement |
| Usage Analytics | 2 years | Product development |
Client-Controlled Retention
For enterprise clients, we offer flexible retention options:
- Custom Retention Periods: Set specific retention periods for survey data
- Extended Retention: Keep data longer than standard periods when needed
- Accelerated Deletion: Delete data sooner than standard periods upon request
- Data Export: Export data before deletion for client archival
Data Lifecycle Management
Active Phase
- Data is actively used for platform operations
- Full access and functionality available
- Regular backups and security monitoring
Archive Phase
- Data moved to long-term storage
- Limited access for compliance purposes
- Reduced processing and functionality
Deletion Phase
- Secure deletion from all systems
- Overwriting of storage media
- Certification of deletion available upon request
Legal and Regulatory Requirements
Our retention periods consider various legal requirements:
- Tax record retention requirements (7 years)
- Employment law requirements (varies by jurisdiction)
- Data protection laws (GDPR, CCPA)
- Healthcare regulations (where applicable)
- Financial services regulations
User Rights and Requests
Users can request:
- Data Deletion: Request early deletion of personal data
- Data Export: Receive copies of data before deletion
- Retention Information: Details about how long specific data is kept
- Deletion Certification: Confirmation that data has been deleted
Data Backup and Recovery
We maintain backups for data protection and disaster recovery:
- Daily backups retained for 30 days
- Weekly backups retained for 3 months
- Monthly backups retained for 1 year
- Backup data follows the same retention policies
Third-Party Data Processors
Our data processors must comply with our retention requirements:
- Supabase: Database and authentication data
- Stripe: Payment processing data
- Vercel: Application hosting and logs
- SendGrid: Email communication data
Policy Updates
This policy may be updated to reflect changes in:
- Legal requirements
- Business needs
- Technology changes
- User feedback
Contact Information
For questions about data retention or to make a request:
Email: privacy@tendralhealth.com
Address: Tendral Health LLC, 123 Market Street, Suite 500, Bozeman, Montana 59715