Data Retention Policy
Effective Date: July 1, 2025
Last Updated: July 1, 2025
Version: 1.0
🚫 Zero PHI Storage Policy
MDS Genie NEVER stores Protected Health Information (PHI). Clinical notes and patient data are processed in real-time through our AI pipeline and immediately discarded. This policy details what we DO store and our retention practices for non-PHI data.
1. Overview
This Data Retention Policy outlines how MDS Genie collects, processes, retains, and deletes data in compliance with HIPAA, state privacy laws, and industry best practices. Our fundamental principle is to retain only the minimum data necessary for service delivery and legal compliance.
2. Data Categories and Retention Periods
Data Category | What We Store | Retention Period | Deletion Method
--- | --- | --- | ---
Clinical Notes / PHI | NOTHING - Processed and immediately discarded | 0 seconds (never stored) | Automatic memory purge
MDS Assessment Results | NOTHING - Returned to user, not stored | 0 seconds (never stored) | No storage occurs
User Account Data | Name, email, organization, hashed password (bcrypt) | Account lifetime + 7 years | Secure deletion per NIST standards
Payment Information | Transaction IDs, amounts (via Stripe - no card data) | 7 years (tax compliance) | Automated deletion
Usage Analytics | Assessment count, confidence scores (no PHI) | 2 years | Automated deletion
Session Data | Login sessions, IP addresses | 30 days | Automated cleanup
Security Logs | Access logs, authentication events | 90 days | Automated rotation
Support Tickets | Non-PHI support communications | 2 years | Manual review & deletion
Legal Documents | Signed agreements, BAAs | Contract term + 7 years | Secure archive deletion
3. PHI Processing (Zero Storage)
Clinical Data Lifecycle
- Input (0s): User pastes clinical note into browser
- Transmission (1-2s): Encrypted transfer to Azure OpenAI
- Processing (2-5s): AI generates MDS codes
- Response (5-6s): Results returned to user's browser
- Deletion (6s): All data purged from our systems
Total PHI exposure window: < 6 seconds | Storage time: 0 seconds
4. Data We DO Store
4.1 Account Information
- User registration details (name, email, organization)
- Authentication credentials (bcrypt hashed passwords)
- Account preferences and settings
- Terms of Service and Privacy Policy acceptance records
4.2 Service Usage Data
- Number of assessments performed (count only)
- Average confidence scores (aggregate metrics)
- Timestamps of service usage
- Credits purchased and consumed
4.3 Technical Data
- IP addresses for security monitoring
- Browser type and version for compatibility
- Session tokens for authentication
- Error logs (sanitized, no PHI)
5. Legal Basis for Retention
Retention Reason | Legal Basis | Duration
--- | --- | ---
Tax Compliance | IRS regulations | 7 years
Contract Records | Business requirements | Contract term + 7 years
Security Monitoring | HIPAA security rule | 90 days
Dispute Resolution | Legal defense | Statute of limitations
6. Data Deletion Procedures
6.1 Automated Deletion
- Session cleanup: Daily automated process removes expired sessions
- Log rotation: Security logs automatically deleted after 90 days
- Usage data: Analytics older than 2 years automatically purged
6.2 User-Requested Deletion
Right to Delete: Users can request account deletion at any time by emailing privacy@mdsgenie.ai. We will:
- Delete your account within 30 days
- Remove all personal information
- Retain only anonymized usage statistics
- Keep financial records as required by law (7 years)
6.3 Secure Deletion Standards
- NIST 800-88 Guidelines for Media Sanitization
- Cryptographic erasure for encrypted data
- Multi-pass overwriting for physical media
- Certificate of destruction for hardware disposal
7. Data Backup and Recovery
⚠️ Important: No PHI in Backups
Since we never store PHI, our backups contain only:
- User account information
- System configuration
- Usage analytics (no clinical data)
- Application code and settings
Backup Schedule
- Daily: Incremental backups of user accounts
- Weekly: Full system backups
- Monthly: Archived for disaster recovery
- Retention: 90 days for operational backups
8. Third-Party Data Processing
8.1 Azure OpenAI
- Processes clinical notes for MDS generation
- No long-term storage per our agreement
- HIPAA Business Associate Agreement in place
- Data deleted per Microsoft's zero-retention policy
8.2 Stripe (Payments)
- Processes payment transactions
- Stores payment methods (we don't see card numbers)
- PCI DSS compliant
- Retains data per their privacy policy
9. Data Portability
Users can request a copy of their stored data by emailing privacy@mdsgenie.ai. We will provide:
- Account information in JSON format
- Usage history and analytics
- Transaction records
- No clinical data (as none is stored)
10. Compliance and Auditing
Regular Reviews
- Quarterly: Data retention compliance audit
- Annually: Full policy review and update
- As needed: Updates for regulatory changes
Audit Trail
- All data deletions are logged
- Retention policy violations trigger alerts
- Annual third-party compliance verification
11. Special Circumstances
11.1 Legal Holds
In case of litigation or regulatory investigation, we may be required to preserve certain data beyond normal retention periods. Affected users will be notified unless prohibited by law.
11.2 Data Breaches
In the event of a security incident, we may retain affected data longer for forensic analysis and legal compliance. PHI is not at risk as it is never stored.
12. Updates to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We will:
- Notify users of material changes 30 days in advance
- Post the updated policy with revision date
- Maintain a version history
- Never reduce protections retroactively
Questions About Data Retention?
Privacy Team: privacy@mdsgenie.ai
Data Deletion Requests: privacy@mdsgenie.ai
Response Time: Within 30 days for all requests