Data Retention and Deletion Policy
Organization: Aina Design Corp
Applies To: hawaii.mokunet.us · kuleana.ainadesign.org · huikoeaina.ainadesign.org · ainadesign.org
Version: 1.0
Effective Date: February 20, 2026
Next Review: February 20, 2027
Policy Owner: Data Governance Lead
This policy defines how long Aina Design Corp retains different categories of data and how data is securely deleted when retention periods expire or when a district requests data removal. Proper retention and deletion protects student privacy, limits organizational liability, and supports FERPA compliance.
•
Data is retained only as long as necessary to fulfill the educational purpose or meet legal obligations.
•
When data is no longer needed, it is deleted using secure methods that prevent recovery.
•
Districts retain full ownership of their data and may request deletion at any time within the terms of their agreement.
•
Retention schedules are documented and consistently applied.
Student Education Records
Student PII (roster, identifiers)
Duration of active project + 1 year
Student-created artifacts and work
Duration of active project + 1 year, or as specified in district contract
Assessment and rubric data
Duration of active project + 1 year
Special education / sensitive records
Duration of active project + 1 year; no retention beyond contract close
District contract + FERPA
Districts may request shorter retention periods in their Data Governance Plan.
Authentication and access logs
Administrative change logs
Security incident records
Compliance policies and evidence
3 years after supersession
Duration of employment + 3 years
•
The Data Governance Lead reviews retention schedules quarterly.
•
Data reaching end-of-retention is flagged for deletion.
•
Deletion is executed by an authorized engineer and confirmed in writing.
•
A deletion record (what was deleted, by whom, when) is stored in audit logs.
4.2 Secure Deletion Standards
•
Database records: Hard delete (not soft archive) for expired student data; deletion confirmed via query.
•
File/media storage: Storage provider secure delete API; no recovery path retained.
•
Backups: Expired data excluded from backup rotation; after backup expiry, confirmeddeleted in next cycle.
4.3 District-Requested Deletion
Districts may request data deletion at any time. Upon receipt of a written request:
1.
Data Governance Lead acknowledges the request within 5 business days.
2.
Deletion is completed within 30 days of acknowledgement.
3.
Written confirmation of deletion is provided to the district.
When data is subject to a legal hold (subpoena, investigation, litigation):
•
The Data Governance Lead is notified immediately.
•
Affected data is flagged and excluded from scheduled deletion.
•
The hold is lifted only by written authorization from legal counsel.
Before deletion of district project data, districts are offered:
•
A full data export in a standard format (JSON or CSV)
•
30 days advance notice before platform data is purged at project close
•
Confirmation of deletion upon request
This policy is reviewed annually and whenever a new district contract introduces non-standard retention requirements.
Data Governance Lead: _________________________
Compliance Officer: _________________________
Date Approved: _________________________