Retention
The short version: no health data is stored on our side. The only thing we keep from a scan is a usage record for billing and quota.
Retention by Category
Section titled “Retention by Category”| Data | Retention | Details |
|---|---|---|
| Raw camera video / frames | Never uploaded | Stay on the user’s device. Discarded by the SDK after the scan. |
| Uploaded RGB tensor | Not retained | Processed by the inference engine and discarded immediately after. |
| Vital sign results | Not retained | Returned synchronously in the API response. Never written to a Circadify-side store. |
| Usage record | Duration of contract | ”This developer used 1 scan at time T.” Used for billing and quota. Contains no health data. |
| Audit logs | 6 years | Account-administration events. No health data. Retained per HIPAA. |
| Developer accounts | Duration of contract | Email, name, company, API key hashes. |
How “Not Retained” Works
Section titled “How “Not Retained” Works”When the SDK uploads an RGB tensor, our inference engine receives it, computes vital signs, and returns the result in the same API response. After the response is written, the engine discards the tensor and the result. Nothing health-related is committed to a Circadify-side store.
If you need to retain a user’s vital sign results — for trends, history, or clinical records — write them to your own application database when you receive the response. Circadify will not have a copy.
What Is Always Retained
Section titled “What Is Always Retained”Audit logs are kept for compliance purposes (HIPAA requires a minimum 6-year retention). Audit logs contain account-administration events (key creation, login, configuration changes, etc.) — they do not contain health data, vital sign results, or RGB tensors.
Developer accounts, API key hashes, and usage counters are persisted for the duration of your contract.
Enterprise customers with specific retention requirements should contact support@circadify.com to discuss options.
Legal Holds
Section titled “Legal Holds”Because Circadify does not retain health data, legal holds apply only to audit logs and developer account data. If you have a legal hold requirement, contact support@circadify.com.