Data Retention Policy
Detailed data retention schedules and practices for Kids on the Yard services
Data Retention Policy
Effective Date: 2026-03-19 | Last Revised: 2026-07-03
Overview
This Data Retention Policy explains how long Kids on the Yard retains different types of data, the reasons for retention periods, and how data is securely disposed of when no longer needed.
We retain data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.
Data Retention Principles
Core Principles
- Purpose Limitation: Data retained only for specified, legitimate purposes
- Minimization: Retain minimum data necessary for each purpose
- Accuracy: Regularly review and update retained data
- Storage Limitation: We delete or de-identify personal data when its retention period expires or upon a valid deletion request, subject to legal holds and longer legal-retention requirements
- Security: Protect retained data with appropriate safeguards
Legal Bases for Retention
We retain data based on:
- Contractual Necessity: To provide and improve our services
- Legal Compliance: To meet regulatory and legal requirements
- Legitimate Interests: For business operations and improvements
- Consent: Where you have consented to specific retention
Retention Schedules by Data Category
Account and Profile Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Account credentials | Duration of account + 30 days | Service provision |
| Profile information | Duration of account + 1 year | Service history |
| Contact information | Duration of account + 3 years | Communication records |
| Account preferences | Duration of account | Service customization |
| Parent/guardian info | Duration of child's account + 5 years | Legal compliance |
How "Duration of account" works: An account's duration runs from creation until the account is deleted. Deletion happens only when (a) you, or a parent/guardian for a child's account, request it, or (b) we are legally required to delete it — never automatically because of inactivity. The "+30 days", "+1 year", and "+3 years" windows above run from that deletion event and apply to active systems (backup copies are removed on routine rotation). Educational, financial, and compliance records follow their own schedules (for example, 7 years after the last session) and are retained even after an account is deleted, to the extent permitted or required by law.
Account Inactivity Policy
We recognize that students, parents, and educators on educational platforms may go months without logging in during term breaks, seasonal enrollment gaps, or program transitions. Our inactivity windows reflect this reality:
| Stage | Trigger | Action |
|---|---|---|
| Inactivity warning | 365 days (1 year) since last login | Email warning sent with a 31-day window to log in before archival |
| Account archival | 396 days (365 + 31) since last login | Account set to inactive; login blocked until reactivated by contacting support |
| Account deletion | Only on your request or a legal requirement — never from inactivity alone | See "Request Deletion" below |
What "archived" means: Archival never triggers deletion. We intentionally retain archived accounts — under our legitimate interest in educational continuity — so that students returning after an extended absence (a skipped grade, or seasonal and program gaps) can reactivate rather than lose their history. All associated educational records, session history, and compliance data are retained per the schedules in this policy. An archived account can be reactivated by contacting [email protected], and you may request deletion at any time (see "Request Deletion" below).
How to prevent archival: Log in at least once every 12 months. If you receive an inactivity warning email, log in within 31 days to reset the clock.
Per-organization overrides: Organizations using the Kids on the Yard platform may configure shorter inactivity windows for their members. Contact your organization administrator for their specific policy.
Educational and Service Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Tutoring session records | 7 years after last session | Educational records |
| Progress reports | 7 years after last session | Educational continuity |
| Assessment results | 7 years after last session | Academic records |
| Learning plans | Duration of service + 3 years | Service delivery |
| Session notes | 7 years after last session | Educational records |
Session Recordings (Video/Audio)
Session recordings are stored securely on AWS S3 with CloudFront delivery. Retention periods vary by recording category:
| Recording Category | Retention Period | Purpose |
|---|---|---|
| Tutoring sessions (routine, no incident) | 3 years | Educational continuity (Tier 1) |
| Sessions linked to incident or complaint | Age 25 or 10 years, whichever longer | Incident documentation (Tier 2) |
| Sessions linked to abuse allegation, mandated reporter, or law enforcement | Until student reaches age 40 | CA AB 218 alignment (Tier 3) |
| Sessions under legal hold | Indefinite until counsel releases | Litigation hold (Tier 4) |
| Communications (email, SMS, chat, phone calls) | 7 years | Communications retention (Tier 5) |
| Assessment sessions | 7 years | Academic documentation (aligns to assessment results retention) |
| Consultation calls | 7 years | Parent/guardian communication records (Tier 5) |
| Training sessions | 7 years | Staff development records |
| Care team meetings | 3 years | Student support coordination (unless incident-related, then Tier 2 or 3) |
| Interview recordings | 3 years | Contractor hiring documentation (employment dispute defense) |
| Internal meetings | 90 days | Operational records |
Recording retention follows the tiered schedule above. The tier that applies to a given recording is determined at the time of any incident or by the routine retention rule by default.
Recording Access and Sharing:
- Recordings are accessible only via time-limited, signed URLs
- Shared recordings expire automatically (default: 24 hours)
- Access is logged for security and compliance
- Parents receive email notifications when recordings are shared
Financial and Billing Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Payment records | 7 years | Tax/legal compliance |
| Invoices | 7 years | Financial records |
| Refund records | 7 years | Financial records |
| Payment method details | Until updated/removed + 90 days | Service provision |
| Tax documents | 7 years | IRS requirements |
Communication Data
All communications are retained under a unified 7-year retention period to support incident documentation, educational continuity, user relationship history, and system improvement analysis. This includes all messaging formats:
| Data Type | Retention Period | Basis |
|---|---|---|
| Email correspondence | 7 years | Communications retention (Tier 5) |
| Chat/messaging logs | 7 years | Communications retention (Tier 5) |
| Phone call recordings | 7 years | Communications retention (Tier 5) |
| SMS messages | 7 years | Communications retention (Tier 5) |
| Support tickets | 7 years | Communications retention (Tier 5) |
Technical and Usage Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Website access logs | 90 days | Security/troubleshooting |
| Analytics data | 26 months (aggregated) | Service improvement |
| Error logs | 90 days | Technical support |
| Security logs | 1 year | Security monitoring |
| Cookie data | Per cookie policy | Functionality |
Marketing and Consent Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Marketing preferences | Duration of relationship + 2 years | Consent management |
| Consent records | 7 years after consent expires | Legal compliance |
| Opt-out records | Indefinite | Honor preferences |
| Survey responses | 3 years | Service improvement |
Legal and Compliance Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Contracts/agreements | 10 years after expiration | Legal compliance |
| COPPA consent forms | Duration of account + 7 years | FTC compliance (unified with communications retention) |
| Data subject requests | 3 years | Regulatory compliance |
| Incident reports | 7 years | Legal/insurance |
| Audit logs | 7 years | Compliance verification |
Special Categories
Children's Data (Under 13)
Enhanced protections for children's data:
- Minimum data collection
- Parental consent verification retained for the duration of the account plus 7 years (consistent with the COPPA consent form retention above)
- Deleted from active systems within 30 days of consent withdrawal; backup copies removed on our routine backup rotation
- Annual review of necessity for retention
Biometric Data (Voice ID, Face Scans)
Biometric identifiers are classified as Sensitive Personal Information and are subject to enhanced, purpose-limited retention. We deliberately do not apply the general 7-year communications retention period to biometric data, because biometric privacy laws require prompt destruction once the authentication purpose ends.
| Data Type | Retention Period | Basis |
|---|---|---|
| Voice identification / voiceprints | Duration of account; destroyed within 1 year of account closure or 3 years after last interaction, whichever is sooner | BIPA / CUBI compliance |
| Facial recognition / face scans | Duration of account; destroyed within 1 year of account closure or 3 years after last interaction, whichever is sooner | BIPA / CUBI compliance |
Biometric identifiers are collected only with consent, used solely to authenticate the account holder, and are never sold or shared for third-party marketing. A written retention-and-destruction schedule is maintained as required by the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's biometric privacy law (RCW 19.375).
Special Education (SPED) Records
| Data Type | Retention Period | Basis |
|---|---|---|
| IEP-related notes | 7 years after last service | IDEA compliance |
| Behavioral data | 5 years after last service | Educational records |
| ABA therapy records | 7 years after last service | Healthcare records |
| Progress monitoring | 7 years after last service | Educational continuity |
Employee and Contractor Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Background check records | Duration of employment + 7 years | Legal compliance |
| Training records | Duration + 5 years | Compliance verification |
| Performance records | Duration + 3 years | HR practices |
| Payroll records | 7 years | Tax compliance |
Data Disposal Procedures
Electronic Data
- Identification: Identify data reaching end of retention period
- Review: Confirm no legal holds or exceptions apply
- Secure Deletion: Use approved secure deletion methods
- Verification: Verify successful deletion
- Documentation: Log deletion in audit trail
Secure Deletion Methods
- Standard Data: Secure overwrite (3-pass minimum)
- Sensitive Data: Cryptographic erasure or physical destruction
- Backup Data: Held in secure, access-controlled backups and purged on our routine backup rotation cycle
- Cloud Data: Certified deletion from provider
Physical Records
- Collection: Gather physical records for destruction
- Secure Storage: Store securely until destruction
- Destruction: Cross-cut shredding or incineration
- Certification: Obtain destruction certificate
- Documentation: Log destruction in records
Exceptions to Retention Periods
Legal Holds
Data may be retained beyond standard periods when:
- Subject to pending or anticipated litigation
- Under regulatory investigation
- Subject to legal preservation order
- Required for ongoing legal proceedings
Regulatory Requirements
Extended retention when required by:
- Court orders
- Government investigations
- Regulatory audits
- Tax authority requests
User Requests
Extended retention when:
- User requests data preservation
- Data needed for ongoing dispute resolution
- Consent given for longer retention
Your Rights
Access Your Data
Request a copy of data we retain about you:
- Submit request via email or portal
- Response within 30 days (45 for complex requests)
- Provided in portable format upon request
Request Deletion
When you request deletion, we will delete your account and associated personal data:
- Removed from active systems within 30 days of your request
- Residual copies in secure backups are removed on our routine backup-rotation cycle; deletions are re-applied if data is ever restored from backup
- We may retain specific data longer where required by law, under a legal hold, to resolve a dispute, to prevent fraud or protect safety, or in de-identified or aggregated form
- Educational, financial, and compliance records are retained for their required periods (for example, 7 years) even after account deletion, to the extent permitted or required by law
- Confirmation provided upon completion
Data Portability
Request data in portable format:
- Common machine-readable format
- Direct transfer to another service where feasible
Automated Retention Management
Systems and Processes
- Automated Flagging: Data flagged when approaching retention end
- Review Workflows: Human review for sensitive categories
- Deletion Scheduling: Automated deletion queues
- Audit Logging: All retention actions logged
- Exception Handling: Legal holds automatically applied
Regular Reviews
| Review Type | Frequency |
|---|---|
| Retention schedule review | Annual |
| Legal hold review | Quarterly |
| Policy compliance audit | Annual |
| Deletion verification | Monthly |
Contact Information
For data retention questions or requests:
Data Management Team Kids on the Yard Limitless Virtue LLC 9701 NE 2nd Ave, Suite #1069 Miami Shores, Florida 33138 U.S.A
| Contact | Information |
|---|---|
| Data Requests | [email protected] |
| Privacy Team | [email protected] |
| General | [email protected] |
| Phone | +1 786-382-2000 |
Related Policies
- Privacy Policy - Complete privacy practices
- AI Disclosure - AI data handling
- COPPA Consent - Children's data
- Incident Response - Data breach procedures
This Data Retention Policy is subject to change. Material changes will be communicated via email or website notice.
Tags
Need Help?
If you have questions about this policy or need assistance, please contact our support team.
Contact Support →