Bounded Health — Retention and Deletion Schedule
Version: v1.0 | Effective: February 7, 2026 | Last reviewed: February 7, 2026
Purpose
This schedule describes how Bounded Health, Inc. ("Bounded Health") retains and deletes different categories of data processed through its enterprise services. Our approach balances three goals: delivering reliable service, meeting legal and regulatory obligations, and respecting the data minimization expectations of our customers.
Guiding Principles
- Purposeful retention. We retain data only as long as necessary for the contracted service, legal compliance, or audit integrity. Data that no longer serves a legitimate purpose is scheduled for deletion.
- Auditable deletion. Every deletion action is recorded in immutable audit logs so that both Bounded Health and the customer have a verifiable record that data was properly removed.
- Regulatory flexibility. Where specific legal or regulatory requirements mandate longer retention (such as financial recordkeeping obligations or healthcare compliance requirements), those requirements take precedence over the standard windows described below.
Retention Schedule
| Data Class | What It Includes | Standard Retention Window | What Happens After |
|---|---|---|---|
| Account and tenant records | Organization profiles, user accounts, role assignments, tenant configuration | Duration of the contract plus a compliance wind-down period (typically 90 days) | Hard-deleted from production systems; backup copies purged within the standard backup rotation cycle |
| Operational logs | API request logs, system event logs, security audit trails | Up to 7 years for audit-relevant entries; shorter retention for routine operational logs | Archived to cold storage during the retention period, then permanently deleted on schedule |
| Billing and contract artifacts | Invoices, payment records, signed order forms, usage reports | Duration of the contract plus a finance retention window (aligned with applicable accounting standards) | Moved to controlled archival, then permanently deleted after the retention period expires |
| Support and ticket metadata | Help desk tickets, correspondence, troubleshooting notes | Duration of the active service relationship plus a post-contract support period | Purged on a scheduled basis after the retention window closes |
Customer-Directed Deletion
Customers may request deletion of their data at any time through authenticated support or contract channels. When we receive a valid deletion request:
- Verification. We confirm the request is properly authorized by the customer's designated administrator or contract authority.
- Scoping. We identify the data covered by the request and confirm with the customer before proceeding (especially where partial deletion is involved).
- Execution. We delete the specified data from production systems. Depending on system architecture, some deletion operations may be processed in batches.
- Confirmation. We provide written confirmation that the deletion was completed, along with an audit trail reference.
In some cases, specific records may need to be retained beyond the customer's deletion request due to legal or regulatory requirements. If that occurs, we will explain the basis for the continued retention to the customer.
Contact
For questions about data retention or deletion requests, please contact: privacy@boundedhealth.com