# Data Retention and Deletion Policy

**Effective Date:** March 2026  
**Document Version:** 1.0

## Overview

This document describes Snack's data retention practices and deletion procedures. Organizations can configure retention settings through the Data Controls panel in Settings.

## Retention Categories

### User Account Data

| Data Type | Retention Period | Notes |
|-----------|------------------|-------|
| Profile information | Until account deletion | Name, email, avatar |
| Authentication data | Until account deletion | Password hashes, sessions |
| Notification preferences | Until account deletion | Email settings |

### Content Data

| Data Type | Retention Period | Notes |
|-----------|------------------|-------|
| Video files | Until deleted by user | Stored in Mux |
| Thumbnails | Until video deletion | Generated automatically |
| Transcripts | Configurable (see below) | Can be set to auto-delete |

### Transcript Retention Options

Organizations can configure transcript retention:

| Setting | Description |
|---------|-------------|
| Immediate deletion | Transcripts deleted after generation (0 days) |
| 7 days | Transcripts deleted after 7 days |
| 30 days | Transcripts deleted after 30 days |
| 90 days | Transcripts deleted after 90 days |
| 1 year | Transcripts deleted after 365 days |
| Indefinite | Transcripts retained until manual deletion |

**Note:** Retention settings apply to future transcripts. Existing transcripts follow the policy in effect at time of creation.

### Analytics Data

| Data Type | Retention Period | Notes |
|-----------|------------------|-------|
| View counts | Indefinite | Aggregated metrics |
| Watch time | 90 days (detailed), indefinite (aggregated) | Per-user data expires |
| Quiz responses | Until content deletion | Tied to content lifecycle |
| First-party behavior events | 30 days | Route templates, key-action clicks, funnel steps, reload signals, and error diagnostics. No session replay, form values, transcript text, or full URL query strings. |
| Behavior dashboard summaries | Rolling 30-day window | Derived from retained first-party behavior events and separated into restricted operational telemetry vs. non-K-12 product insights. |

### Audit Logs

| Data Type | Retention Period | Notes |
|-----------|------------------|-------|
| Impersonation logs | 7 years | Compliance requirement |
| Data control changes | 7 years | Compliance requirement |
| Authentication events | 90 days | Security monitoring |

## Deletion Procedures

### User-Initiated Deletion

Users can delete:

1. **Individual content**: Videos, playlists, assignments
2. **Account data**: Full account deletion available in Settings

### Organization-Initiated Deletion

Organization admins can:

1. **Remove members**: Removes user from organization (content follows org ownership)
2. **Delete organization content**: Bulk deletion of all org content
3. **Configure retention**: Set automatic transcript deletion policies

### Data Export

Before deletion, users can:

1. **Export content**: Download videos and transcripts
2. **Export analytics**: Download engagement data
3. **Export account data**: Full data export for portability

### Deletion Timeline

| Action | Timeline |
|--------|----------|
| Content deletion | Immediate (soft delete), 30 days (hard delete from backups) |
| Account deletion | 30 days grace period, then permanent |
| Backup purge | 30-90 days after deletion request |

## AI Processing Data

AI-related data follows special handling:

| Data Type | Retention | Notes |
|-----------|-----------|-------|
| AI request data | Zero retention | Deleted immediately by providers |
| Generated summaries | Tied to content | Deleted with content |
| Generated quizzes | Tied to content | Deleted with content |

## Compliance Deletion

For compliance-related deletion requests (GDPR, FERPA, etc.):

1. **Submit request**: Contact support@snack.io
2. **Verification**: Identity verification required
3. **Processing**: Completed within 30 days
4. **Confirmation**: Written confirmation provided

## K-12 Organizations

For K-12 organizations:

- Enhanced audit logging for all data access
- Per-ticket approval required for staff data access
- Stricter default retention settings recommended
- Priority processing for deletion requests

## Technical Implementation

### Soft Deletion

Most deletions use soft deletion:
- Data marked as deleted but retained briefly
- Allows recovery from accidental deletion
- Permanently purged after grace period

### Hard Deletion

Permanent deletion includes:
- Removal from primary database
- Removal from all replicas
- Purge from backups (within backup retention window)
- Removal from search indexes

## Contact

For data deletion requests:

- **General**: support@snack.io
- **Legal/Compliance**: support@snack.io
- **Emergency**: support@snack.io

---

*This document is provided for informational purposes. Actual retention periods may vary based on legal requirements and organizational settings.*