# Data Retention and Disposal Policy Effective June 11, 2026 | Version 1.0 This policy explains how long The Ladder AI keeps common categories of data and how deletion is handled. ## Data We May Retain The Ladder AI may retain: - Account and identity data, such as email address and authentication identifiers. - Training progress, placement results, pathway selections, and workspace activity. - Assessment transcripts, validation records, credentials, and transcript evidence. - Support communications and issue reports. - Usage analytics and operational logs. - Institutional or billing records when applicable. ## Retention Schedule Data is retained only as long as needed to provide the service, maintain credential integrity, meet legal obligations, resolve disputes, support security, and satisfy institutional agreements. General retention targets: - Account data: while the account is active, then deleted after a reasonable recovery and processing period after a verified deletion request. - Training progress: while the account is active or until deletion is requested. - Certification and transcript evidence: retained while needed to verify issued credentials, unless deletion is required by law or contract. - Support communications: retained for support quality, audit, and dispute-resolution purposes. - Usage analytics: retained in aggregated or anonymized form where practical. - Financial or institutional records: retained as required for tax, accounting, contract, or audit obligations. ## Deletion Requests Users may request deletion of personal information associated with their account. Some records may need to be retained when required for legal, security, fraud-prevention, accounting, credential-integrity, or contractual reasons. If a credential or transcript record is deleted, the ability to verify that credential may be limited or removed. ## Disposal When data reaches the end of its retention period or a deletion request is approved: - Data is deleted from active systems where technically feasible. - Backups age out according to normal backup cycles. - Third-party service providers are instructed to delete data when required and feasible. - Aggregated or anonymized information may be retained when it no longer identifies an individual. ## Institutional Deployments Written agreements with schools, employers, public agencies, or organizations may set specific retention and disposal requirements for managed learner deployments. Those agreement terms control for that deployment.