Data Retention Policy

SPU Stewardship Holdings LLC (Delaware) · d/b/a S.T.E.W.A.R.D. Consulting
Effective: April 2026 · Required under 16 CFR § 312.10

Purpose

This policy defines how long S.T.E.W.A.R.D. Tutor retains personal information collected from children under 13, teachers, and parents, and the procedures for secure deletion. This policy is required under the Children's Online Privacy Protection Rule (16 CFR § 312.10) and is publicly available as mandated by the 2025 COPPA amendments.

Retention Schedule

Data CategoryRetention PeriodDeletion Method
Student learning interactions (chat logs, responses)Duration of active subscription + 90 daysPermanent database deletion
Student mastery recordsDuration of active subscription + 90 daysPermanent database deletion
Student session historyDuration of active subscription + 90 daysPermanent database deletion
Engagement milestonesDuration of active subscription + 90 daysPermanent database deletion
Diagnostic assessment resultsDuration of active subscription + 90 daysPermanent database deletion
Scaffolding and difficulty dataSession duration only (in-memory)Automatic — not persisted beyond session
Student PINs (hashed)Duration of active enrollmentRow deletion from users table
IEP/504 accommodation flags (encrypted)Duration of active enrollmentRow deletion + encryption key rotation
Parental consent records3 years after consent or revocationPermanent database deletion
Teacher account dataDuration of subscription + 90 daysPermanent database deletion
Subscription and billing data7 years (tax/accounting requirement)Permanent deletion after retention period
AI audit logs (anonymized)1 yearBatch deletion via scheduled job
Security incident records3 yearsArchival then permanent deletion
Claude API interaction data (at Anthropic)7 days (Anthropic policy)Automatic deletion by Anthropic

Deletion Triggers

Data Minimization at Collection

We collect only the minimum data necessary for educational service delivery. Student names are first-name-only. No last names, email addresses, phone numbers, social media, location, biometric, or device data is collected from students. PII is stripped from all data sent to the AI provider — only anonymized academic interactions reach the Claude API.

Deletion Verification

Deletion operations are logged with timestamps and verified through automated integrity checks. Backup systems are purged on the same schedule. Encrypted fields use AES-256-GCM; upon deletion, the encryption key material associated with deleted records is destroyed.

Data Security Coordinator

Questions about data retention or deletion requests should be directed to our designated data security coordinator at [email protected].

Last update