Privacy
Retention Schedule
Last updated: 20 April 2026
This schedule explains the default retention rules StudyVector uses for the main categories of personal data. It is designed to support UK GDPR minimisation and storage-limitation decisions while preserving records needed for security, billing, school contracts, and legal obligations.
Account deletion removes or anonymises account-linked learning data on a best-effort basis. Some billing, security, or school-controlled records may need to be retained for a limited period.
Account profile
Examples: Email, name, account role, preferences, selected subjects, exam year, board choices.
Default retention: Account lifetime.
Deletion trigger: Deleted during self-service account deletion unless a legal retention exception applies.
Notes: Minimum data needed to provide the account and saved study flow.
Study and progress data
Examples: Answers, attempts, mastery signals, mistake logs, recommendations, study plans, Battle Mode learning progress.
Default retention: Account lifetime, then deleted or anonymised during account deletion.
Deletion trigger: Self-service account deletion or verified erasure request.
Notes: Aggregated product metrics may be retained only where no individual is identifiable.
Uploaded documents and generated study assets
Examples: PDF upload sessions, module handbooks, extracted text, embeddings, flashcards, revision packs.
Default retention: Account lifetime unless the user deletes the asset earlier.
Deletion trigger: Self-service account deletion and storage cleanup, or asset-specific deletion where available.
Notes: Private files should be removed from storage before deleting database rows that contain paths.
School and parent links
Examples: Class memberships, homework progress, parent-student links, school memberships and access records.
Default retention: For the life of the school/customer relationship plus the agreed contract retention period.
Deletion trigger: School instruction, verified student/parent request where applicable, or account deletion where StudyVector is controller.
Notes: Where the school is controller, deletion/export may need school instruction rather than unilateral deletion.
Support and school enquiries
Examples: Contact form messages, starter-pack requests, procurement enquiries, support records.
Default retention: 24 months after last meaningful contact by default.
Deletion trigger: Earlier deletion on request unless needed for legal, safety, billing, or dispute records.
Notes: Keep shorter if the enquiry is clearly spam or no longer useful.
Billing and tax records
Examples: Stripe customer IDs, subscription IDs, invoice and refund metadata, payment status.
Default retention: 6 years after the tax year or transaction period, unless finance/legal advice sets a different period.
Deletion trigger: Anonymise local references where possible after account deletion, but keep records needed for tax/accounting/legal claims.
Notes: Stripe remains an independent processor/controller for payment records under its own terms.
Security, fraud and abuse logs
Examples: IP-based rate limits, audit logs, authentication/security events, abuse reports.
Default retention: Up to 12 months by default; longer only for active investigations or legal claims.
Deletion trigger: Expiry of retention period or closure of investigation.
Notes: Keep access restricted and review for minimisation.
Optional analytics and marketing measurement
Examples: GA4, PostHog, Vercel Analytics, TikTok Pixel where configured and consented.
Default retention: Provider default or configured retention, reviewed at least annually.
Deletion trigger: Withdrawal of consent stops future collection; local optional storage is cleared where possible.
Notes: Avoid sending answer text, uploads, or free-text form messages to optional analytics.
Marketing email preferences
Examples: Consent status, unsubscribe token, engagement logs, campaign source.
Default retention: Until unsubscribe plus a suppression record as long as needed to honour the opt-out.
Deletion trigger: Unsubscribe or erasure request, while preserving minimal suppression data where needed.
Notes: Keep proof of consent and opt-out status separate from marketing content where possible.