Last updated: 22 December 2025
Data Retention
This page summarises how long we keep different categories of data. Retention can vary depending on legal obligations, security needs, and how you use the service.
1. Principles
- We keep personal data only as long as needed for the purposes described in our Privacy Notice.
- We aim to minimise data and delete or anonymise when no longer needed.
- Some data may be retained longer for legal compliance, fraud prevention, or security investigations.
- Backups may persist for a limited period before being overwritten.
2. Typical retention categories
Account data (email, profile basics): kept while your account is active. If you request deletion, we aim to delete or anonymise within a reasonable time, subject to the constraints below.
Learning data (subjects, preferences, diagnostics, session content you enter): kept while your account is active to provide continuity and progress tracking. Deleted/anonymised on account deletion request, subject to backups and legal/security holds.
Security and audit logs (IP, device/browser info, service logs): kept for a limited period appropriate to detect abuse, maintain reliability, and investigate incidents. We try to minimise and restrict access.
Billing records (subscription status, payment metadata): retained as required for accounting, tax, chargeback handling, and dispute resolution. Card details are handled by our payment provider.
3. Deletion requests
You can request deletion of your account data by contacting hello@gcsespark.co.uk. We may need to retain limited information where required by law or to establish, exercise, or defend legal claims.
4. Schools and institutions
For schools/institutions, retention expectations may be set by the institution's policies and your deployment model. See Schools & Institutions for procurement queries.