Data Retention Policy
Detailed data retention schedules and practices for Kids on the Yard services
Last updated on 2026-03-19
Privacy
Data Retention Policy
Effective Date: 2026-03-19
Overview
This Data Retention Policy explains how long Kids on the Yard retains different types of data, the reasons for retention periods, and how data is securely disposed of when no longer needed.
We retain data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.
Data Retention Principles
Core Principles
- Purpose Limitation: Data retained only for specified, legitimate purposes
- Minimization: Retain minimum data necessary for each purpose
- Accuracy: Regularly review and update retained data
- Storage Limitation: Delete data when retention period expires
- Security: Protect retained data with appropriate safeguards
Legal Bases for Retention
We retain data based on:
- Contractual Necessity: To provide and improve our services
- Legal Compliance: To meet regulatory and legal requirements
- Legitimate Interests: For business operations and improvements
- Consent: Where you have consented to specific retention
Retention Schedules by Data Category
Account and Profile Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Account credentials | Duration of account + 30 days | Service provision |
| Profile information | Duration of account + 1 year | Service history |
| Contact information | Duration of account + 3 years | Communication records |
| Account preferences | Duration of account | Service customization |
| Parent/guardian info | Duration of child's account + 5 years | Legal compliance |
Educational and Service Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Tutoring session records | 7 years after last session | Educational records |
| Progress reports | 7 years after last session | Educational continuity |
| Assessment results | 7 years after last session | Academic records |
| Learning plans | Duration of service + 3 years | Service delivery |
| Session notes | 7 years after last session | Educational records |
Session Recordings (Video/Audio)
Session recordings are stored securely on AWS S3 with CloudFront delivery. Retention periods vary by recording category:
| Recording Category | Retention Period | Purpose |
|---|---|---|
| Tutoring sessions (routine, no incident) | 3 years | Educational continuity (Tier 1) |
| Sessions linked to incident or complaint | Age 25 or 10 years, whichever longer | Incident documentation (Tier 2) |
| Sessions linked to abuse allegation, mandated reporter, or law enforcement | Until student reaches age 40 | CA AB 218 alignment (Tier 3) |
| Sessions under legal hold | Indefinite until counsel releases | Litigation hold (Tier 4) |
| Communications (email, SMS, chat) | 7 years default | Communications retention (Tier 5) |
| Assessment sessions | 2 years | Academic documentation |
| Consultation calls | 1 year | Parent/guardian communication records |
| Training sessions | 1 year | Staff development records |
| Care team meetings | 1 year | Student support coordination |
| Interview recordings | 6 months | Hiring process documentation |
| Internal meetings | 90 days | Operational records |
Recording retention follows the tiered schedule above. The tier that applies to a given recording is determined at the time of any incident or by the routine retention rule by default.
Recording Access and Sharing:
- Recordings are accessible only via time-limited, signed URLs
- Shared recordings expire automatically (default: 24 hours)
- Access is logged for security and compliance
- Parents receive email notifications when recordings are shared
Financial and Billing Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Payment records | 7 years | Tax/legal compliance |
| Invoices | 7 years | Financial records |
| Refund records | 7 years | Financial records |
| Payment method details | Until updated/removed + 90 days | Service provision |
| Tax documents | 7 years | IRS requirements |
Communication Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Email correspondence | 3 years | Customer service |
| Chat/messaging logs | 2 years | Support history |
| Phone call recordings | 7 years | Communications retention (Tier 5) |
| SMS messages | 2 years | Communication records |
| Support tickets | 3 years after resolution | Service improvement |
Technical and Usage Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Website access logs | 90 days | Security/troubleshooting |
| Analytics data | 26 months (aggregated) | Service improvement |
| Error logs | 90 days | Technical support |
| Security logs | 1 year | Security monitoring |
| Cookie data | Per cookie policy | Functionality |
Marketing and Consent Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Marketing preferences | Duration of relationship + 2 years | Consent management |
| Consent records | 7 years after consent expires | Legal compliance |
| Opt-out records | Indefinite | Honor preferences |
| Survey responses | 3 years | Service improvement |
Legal and Compliance Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Contracts/agreements | 10 years after expiration | Legal compliance |
| COPPA consent forms | Duration + 5 years | FTC compliance |
| Data subject requests | 3 years | Regulatory compliance |
| Incident reports | 7 years | Legal/insurance |
| Audit logs | 7 years | Compliance verification |
Special Categories
Children's Data (Under 13)
Enhanced protections for children's data:
- Minimum data collection
- Parental consent verification retained for 5 years
- Data deleted within 30 days of consent withdrawal
- Annual review of necessity for retention
Special Education (SPED) Records
| Data Type | Retention Period | Basis |
|---|---|---|
| IEP-related notes | 7 years after last service | IDEA compliance |
| Behavioral data | 5 years after last service | Educational records |
| ABA therapy records | 7 years after last service | Healthcare records |
| Progress monitoring | 7 years after last service | Educational continuity |
Employee and Contractor Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Background check records | Duration of employment + 7 years | Legal compliance |
| Training records | Duration + 5 years | Compliance verification |
| Performance records | Duration + 3 years | HR practices |
| Payroll records | 7 years | Tax compliance |
Data Disposal Procedures
Electronic Data
- Identification: Identify data reaching end of retention period
- Review: Confirm no legal holds or exceptions apply
- Secure Deletion: Use approved secure deletion methods
- Verification: Verify successful deletion
- Documentation: Log deletion in audit trail
Secure Deletion Methods
- Standard Data: Secure overwrite (3-pass minimum)
- Sensitive Data: Cryptographic erasure or physical destruction
- Backup Data: Included in deletion cycles
- Cloud Data: Certified deletion from provider
Physical Records
- Collection: Gather physical records for destruction
- Secure Storage: Store securely until destruction
- Destruction: Cross-cut shredding or incineration
- Certification: Obtain destruction certificate
- Documentation: Log destruction in records
Exceptions to Retention Periods
Legal Holds
Data may be retained beyond standard periods when:
- Subject to pending or anticipated litigation
- Under regulatory investigation
- Subject to legal preservation order
- Required for ongoing legal proceedings
Regulatory Requirements
Extended retention when required by:
- Court orders
- Government investigations
- Regulatory audits
- Tax authority requests
User Requests
Extended retention when:
- User requests data preservation
- Data needed for ongoing dispute resolution
- Consent given for longer retention
Your Rights
Access Your Data
Request a copy of data we retain about you:
- Submit request via email or portal
- Response within 30 days (45 for complex requests)
- Provided in portable format upon request
Request Deletion
Request deletion of your data:
- Subject to legal retention requirements
- Processed within 30 days
- Confirmation provided upon completion
Data Portability
Request data in portable format:
- Common machine-readable format
- Direct transfer to another service where feasible
Automated Retention Management
Systems and Processes
- Automated Flagging: Data flagged when approaching retention end
- Review Workflows: Human review for sensitive categories
- Deletion Scheduling: Automated deletion queues
- Audit Logging: All retention actions logged
- Exception Handling: Legal holds automatically applied
Regular Reviews
| Review Type | Frequency |
|---|---|
| Retention schedule review | Annual |
| Legal hold review | Quarterly |
| Policy compliance audit | Annual |
| Deletion verification | Monthly |
Contact Information
For data retention questions or requests:
Data Management Team Kids on the Yard Limitless Virtue LLC 9701 NE 2nd Ave, Suite #1069 Miami Shores, Florida 33138 U.S.A
| Contact | Information |
|---|---|
| Data Requests | [email protected] |
| Privacy Team | [email protected] |
| General | [email protected] |
| Phone | +1 786-382-2000 |
Related Policies
- Privacy Policy - Complete privacy practices
- AI Disclosure - AI data handling
- COPPA Consent - Children's data
- Incident Response - Data breach procedures
This Data Retention Policy is subject to change. Material changes will be communicated via email or website notice.
Tags
data-retentionprivacydata-managementrecordscompliancegdprccpa
Need Help?
If you have questions about this policy or need assistance, please contact our support team.
Contact Support →