Last Revised: April 2026
1. Purpose
Kinzoo Technologies is committed to collecting, storing, and securely disposing of data responsibly with strict limits for data from children (including those under 13 in the U.S. under COPPA, and minors under applicable GDPR thresholds in the EU/EEA). This policy ensures:
- Compliance with COPPA (16 CFR Part 312), which prohibits indefinite retention of children's personal information and requires deletion when no longer reasonably necessary for the specific purpose collected.
- Compliance with GDPR principles (Art. 5(1)(e) storage limitation; Art. 8 child consent; recital 38 heightened protection), limiting retention to what is necessary and proportionate.
- Data minimization, reduced risk, and support for parental rights (e.g., access, deletion requests).
This Data Retention Policy also defines how long different types of personal and business data are retained, ensuring compliance with applicable laws (e.g., COPPA, GDPR, CCPA, tax regulations, employment laws, etc.), minimizing security risks, reducing storage costs, and supporting operational efficiency.
We retain data only as long as necessary for the purposes collected or as required by law, after which it is securely deleted, anonymized, or destroyed.
We retain children's data only as long as reasonably necessary for the exact purpose collected - never indefinitely - and delete or anonymize it securely thereafter.
2. Scope
This policy applies to:
- All personal data (any information relating to an identified or identifiable individual), including potential data from children under 13 (COPPA regulated) or minors (GDPR)
- Personally Identifiable Information (PII) includes (but is not limited to): name, email, username, photos, videos, voice recordings, IP address, location, device type, purchase history, application version, push tokens, persistent identifiers, analytical/behavioral data, etc.
- All systems, including apps, websites, databases, cloud storage, email, backups and paper files
- All processing of children's data, globally; U.S. users under 13 trigger COPPA; EU/EEA users trigger GDPR.
- All business records and documents (electronic and physical)
- All employees, contractors, consultants, and third parties who handle Kinzoo Technologies data
3. Principles
3.1 General Principles
- Data minimization - Collect and retain only the minimum data necessary.
- Retention by purpose - Retention periods are based on legal, contractual, operational, or legitimate business needs.
- Secure disposal - Data no longer needed is permanently deleted using methods that prevent recovery (e.g., secure erase, cryptographic wiping, shredding for paper).
- Legal holds - If litigation, audit, or investigation is reasonably anticipated, relevant data must be preserved regardless of normal retention periods. Contact Legal/Compliance immediately.
- Review - This policy is reviewed annually or after major regulatory changes.
3.2 Children’s Data Principles
- Strict necessity - Collect and retain only what's essential for the service (e.g., no retention for advertising without separate verifiable parental opt-in under updated COPPA). Children’s personal information is deleted when it is no longer reasonably necessary to fulfill the purpose for which it was collected, even if the retention period has not yet expired.
- PII Anonymization - Data anonymization or removal is irreversible, using one-way transformation of identifiers such that the data can no longer reasonably be linked to an identifiable child.
- No indefinite retention - Explicitly prohibited for children's data under COPPA and contrary to GDPR storage limitation.
- Parental rights - Parents/guardians can request review, correction, or deletion at any time (COPPA & GDPR).
- Age-appropriate safeguards - Verifiable parental consent required before collection/use/disclosure (COPPA); for GDPR, lawful basis (often consent) with reasonable efforts to verify parental authorization for under-16s (or lower per member state).
- Secure deletion - Use reasonable measures (e.g., overwriting, cryptographic erasure) to prevent recovery.
- Legal holds - Deletion is suspended if litigation, regulation, or law enforcement operations require preservation.
- Review - Policy reviewed yearly or after regulatory changes (e.g., FTC COPPA updates).
4. Roles and Responsibilities
- Data Owners / Department Heads - Determine retention needs for their data categories and ensure compliance.
- Development Team / Security Coordinator - Implement technical controls for retention enforcement, backups, and secure deletion.
- Compliance / Legal - Monitor regulatory requirements and handle legal holds.
- All Employees - Follow this policy and report any concerns.
5. Data Retention Schedule
Retention periods start from the date the data becomes inactive (e.g., end of contract, last interaction, tax filing date, account closure) unless otherwise stated. Children's data is subject to stricter retention limits than adult data.
5.1 General Retention Schedule
| Category | Examples | Retention Period | Rationale / Notes |
|---|---|---|---|
| Accounting & Tax Records | Invoices, receipts, payroll records, tax returns, bank statements | 7 years after tax filing | CRA, employment and tax authority requirements |
| Contracts & Agreements | Customer contracts, vendor agreements, NDAs | 7 years after expiration/termination | Contract statutes of limitations |
| Customer / User Data | Account details, order history, support tickets, marketing consent | Duration of relationship + 2-3 years | Business needs, COPPA and GDPR/CCPA erasure rights |
| Marketing & Communications | Email lists, campaign analytics, unsubscribe requests | Until consent withdrawn + 1 year | CAN-SPAM / GDPR requirements |
| Employee / HR Records | Applications, resumes, performance reviews, payroll, benefits | Employment + 4-7 years | Employment laws, CRA |
| Financial Statements & Audits | Annual reports, audit trails | Permanent | Corporate governance |
| Legal Documents | Litigation files, IP registrations, insurance policies | Permanent or 10+ years post-resolution | Statute of limitations |
| Website / App Logs | Server logs, access logs | 6-12 months | Security monitoring |
| Backup Data | Internal / business backups | 30-90 days (or as per disaster recovery) | Operational recovery only |
| Application Backup Data | Application, database, user generated content backups | 14-60 days (or as per disaster recovery) | Operational recovery only, rolling forward |
| Inactive / Dormant Accounts | User accounts with no login for X period | 365 days then anonymize or delete | COPPA and GDPR right to erasure |
| Deleted User Accounts | User requested account deleted | Immediate anonymization of personal identifiers | COPPA and GDPR right to erasure |
Permanent records (e.g., articles of incorporation, board minutes, key IP) are kept indefinitely in secure archives.
5.2 User Data Retention Schedule
Retention starts when data becomes inactive (e.g., end of session, account closure, purpose fulfilled) unless stated. Children's data periods are shorter and stricter than adult data.
| Category | Examples (Children's PII) | Retention Period for Children's Data | Rationale / COPPA & GDPR Notes |
|---|---|---|---|
| Account & Profile Data | Username, age indicator, parent-linked contact info | Duration of active use followed by anonymization | Only as long as necessary for service; deleted post-inactivity (COPPA necessity; GDPR minimization) |
| Interactive / User-Generated | Messages, drawings, uploaded photos/videos/audio | Account duration followed by anonymization and removal | Delete promptly unless parent-requested retention; no indefinite retention (COPPA explicit prohibition) |
| Support / Communications | Chat logs, tickets with child PII | Resolution followed by anonymization | Fulfill support purpose only; parental deletion rights override |
| Usage / Analytics (Internal Only) | Aggregated/anonymized stats; persistent identifiers (limited) | 12 months max followed by anonymization | Internal operations only (COPPA exception); no behavioural profiling without opt-in consent |
| Marketing / Advertising | Consent records, lists (if any) | Until consent withdrawn followed by anonymization or deletion | Separate verifiable opt-in required (updated COPPA); minimal retention |
| Audio/Voice Files | Voice recordings | Account duration followed by anonymization — audio/voice exist within user conversations | Audio or voice recordings transmitted as user-generated messages are retained only as part of the active conversation history and are deleted or anonymized when the associated account is deleted. Voice data is not retained for biometric identification or unrelated purposes. |
| Backups (Children's Data) | System backups containing child PII | 14 days (short-term only) | Exclude or pseudonymize children's data from long-term backups where technically possible. Data is deleted from active systems immediately and removed from backups during normal rotation cycles. |
| Inactive Accounts | Dormant child accounts | 365 days then auto-deleted and anonymized | COPPA: no indefinite retention; GDPR: right to erasure. Dormant child accounts with no login activity for 12 months are automatically deleted or anonymized. This retention period allows reasonable time for account reactivation by parents while preventing indefinite storage of children’s personal information. |
| Legal / Tax (if applicable) | Limited records (e.g., consent proofs) | As required by law (e.g., 1-3 years max) | Override only for legal obligation; document justification |
Adult / non-child data follows the general schedule, but children's data is segregated and subject to shorter limits. Permanent records do not include children's PII unless strictly required by law.
6. Data Deletion & Disposal
- At the end of the retention period, data is:
  - Permanently deleted from all active systems;
  - Anonymized (if appropriate);
  - Logs maintained for audit, performance monitoring and internal metrics purposes
  - Physically destroyed
    - Cross-cut shredding or certified destruction
- Upon parental request:
  - Data is promptly deleted according to retention policy and procedures with confirmation provided to parent
  - Residual data (e.g., caching) is purged as soon as technically possible
- Automated deletion tools and scripts are employed where technically possible
- Deletion certificates/logs are maintained where appropriate for a reasonable period of time
- PII is not included within logs
7. Exceptions & Legal Holds
If a legal hold is placed (e.g., subpoena, anticipated lawsuit, law enforcement investigation), destruction is suspended until Legal and the Security Coordinator approve removal.
Anonymized data may be retained indefinitely if fully irreversible.
No employee may destroy relevant records once notified of a hold.
8. Training & Enforcement
All relevant personnel review and abide by this policy. Violations may result in disciplinary action, up to termination.
9. Review & Updates
This policy is reviewed at least annually or upon significant changes in laws/business operations.




