Retention
Circadify retains data only as long as necessary. Default retention periods and configuration options are listed below.
Default Retention Periods
Section titled “Default Retention Periods”| Data Type | Retention | Details |
|---|---|---|
| Vital sign results | Not persisted (default) | Returned directly in the HTTP response. Not stored server-side. |
| Session metadata | Duration of request | Transient state used during upload orchestration. Cleaned up immediately after results are delivered. |
| Vital sign results (persist mode) | 15 minutes (configurable TTL) | When PERSIST_VITALS=true, results are cached for polling. Auto-deleted via TTL. |
| Telehealth session context | 15 minutes (configurable TTL) | Patient ID, encounter ID, EHR tokens — cached alongside results when persist mode is enabled. |
| Audit logs | 6 years | Partitioned by month. Retained per HIPAA requirements. No health data. |
| Developer accounts | Duration of contract | Email, name, company, plan tier, API key hashes. |
| Usage records | Indefinite | Monthly aggregate scan counts per developer/tenant. |
How Retention Works
Section titled “How Retention Works”Default Mode (PERSIST_VITALS=false)
Section titled “Default Mode (PERSIST_VITALS=false)”By default, vital sign results are returned directly to the client in the HTTP response from the upload-complete endpoint. No health data is stored server-side after the response is delivered. Session metadata (session ID, status, timestamps) is held transiently during the upload and processing flow, then cleaned up immediately once results are returned.
Persist Mode (PERSIST_VITALS=true)
Section titled “Persist Mode (PERSIST_VITALS=true)”For async or telehealth workflows that require polling for results, setting PERSIST_VITALS=true enables ephemeral caching of session results with a configurable TTL (default 15 minutes). When the TTL expires, the data is automatically and irreversibly deleted. This mode is required when using the GET /sdk/session/result/{sessionId} polling endpoint.
What Is Always Stored
Section titled “What Is Always Stored”Audit logs are retained for compliance purposes (HIPAA requires a minimum 6-year retention). These logs do not contain health data — they record access events (who, what, when, outcome). Developer accounts, API key hashes, and usage counts are also persisted but contain no health data.
Enterprise customers with specific retention requirements should contact support@circadify.com to discuss options.
Automatic Deletion
Section titled “Automatic Deletion”In persist mode, session data is automatically deleted when the TTL expires. Deletion is immediate and irreversible at TTL expiry — no queuing or manual scheduling is required.
In default mode, there is no stored health data to delete — vitals are returned inline and session metadata is cleaned up immediately.
Legal Holds
Section titled “Legal Holds”Because session health data is either not persisted (default mode) or auto-expires within minutes (persist mode), legal holds apply primarily to audit logs and developer account data. If you need to preserve audit records beyond the standard retention period or have a legal hold requirement, contact support@circadify.com.