Data Retention Policy
This Data Retention Policy describes how Unveil Data LLC (“Unveil Data,” “we,” “us,” or “our”), operating as Secure Stream, retains, manages, and deletes information in connection with the Secure Stream platform and related services (the “Services”).
This policy should be read together with the Secure Stream Terms of Service, Privacy Policy, AI Data Use Policy, Subprocessor List, and any applicable Order Form, Data Processing Agreement, Business Associate Agreement, or written agreement. Where a signed written agreement specifies different retention terms, that agreement controls.
1. Purpose
Secure Stream retains information for the minimum period reasonably necessary to provide the Services, fulfill contractual obligations, support Customers, comply with legal requirements, resolve disputes, enforce agreements, and maintain the security and integrity of the Services.
This policy establishes default retention periods by data category. Actual retention may vary based on Customer agreements, account settings, legal holds, regulatory requirements, the specific Services used, and whether the data relates to an account, project, study, matter, case, event, stream, or other service engagement.
2. Retention Schedule
The following table summarizes default retention periods for categories of data processed through the Services. References to “completion” mean completion of the applicable project, study, matter, case, event, stream, or other service engagement, as reasonably determined by Secure Stream or as stated in the applicable agreement.
| Data Category | Default Retention Period | Details |
|---|---|---|
| Live Event Recordings (video, audio) | Duration of active account, project, event, subscription, or applicable agreement + 90 days after completion or termination | Retained while needed to provide the Services, support exports, complete deliverables, resolve disputes, or support Customer requests. After the applicable 90-day period, data is queued for deletion unless a different period applies. |
| Transcripts and Captions | Duration of active account, project, event, subscription, or applicable agreement + 90 days after completion or termination | Retained while needed for review, export, correction, transcript workflows, and related deliverables. After the applicable 90-day period, data is queued for deletion unless a different period applies. |
| Analytics Outputs (JuryDNA, Audio Xtract, dashboards, reports) | Duration of active account, project, event, subscription, or applicable agreement + 90 days after completion or termination | Retained while needed to provide reporting, dashboards, analytics review, or deliverables. Outputs derived from deleted Customer Content may be removed, become inaccessible, or no longer be reproducible. |
| Uploaded Files and Documents | Duration of active account, project, event, subscription, or applicable agreement + 90 days after completion or termination | Retained while needed for file processing, transcription, extraction, review, support, or deliverables. After the applicable 90-day period, data is queued for deletion unless a different period applies. |
| Project, Study, Case, Event, and Stream Metadata | Duration of active account, project, event, subscription, or applicable agreement + 1 year after completion or termination | Includes room names, event configuration, access settings, timestamps, processing status, and similar operational metadata. Retained to support auditability, troubleshooting, billing, and business records. |
| Account Information (name, email, credentials) | Duration of account + 1 year after account termination | Retained for account management during active use. After termination, retained for 1 year for billing, legal, security, and dispute resolution purposes. |
| Billing and Payment Records | 7 years after transaction date | Retained to comply with tax, accounting, financial record-keeping, and dispute resolution obligations. |
| Usage and Analytics Logs | 18 months from collection | Operational usage data is retained to understand service performance, troubleshoot issues, improve reliability, and support account administration. Aggregated or anonymized operational data may be retained indefinitely if it does not reasonably identify a Customer, Authorized User, participant, or Customer Content. |
| Server and Security Logs | 12 months from collection | Retained for security monitoring, incident response, and forensic purposes. May be extended during active investigations, legal holds, or security reviews. |
| Support Communications | Duration of account + 2 years after account termination | Retained to support ongoing service delivery and resolve post-termination inquiries, disputes, or support history. |
| Cookies and Session Data | Session to 12 months depending on cookie type | Essential cookies expire at session end or according to session settings. Functional and analytics cookies may persist up to 12 months. |
| Backup and Disaster Recovery Copies | Up to 90 days after source data deletion | Backups follow a rolling cycle. Deleted data may persist in backups for up to 90 days after deletion from active systems. |
3. Customer-Initiated Deletion
Customers may request deletion of active Customer Content at any time by submitting a verified written request to support@securestream.io.
A deletion request may apply to an entire account or to a specific project, study, matter, case, event, stream, room, recording, uploaded file, transcript, report, or other identifiable data set. Customers do not need to terminate their account to request deletion of data associated with a specific client, study, stream, or service engagement.
Secure Stream will use commercially reasonable efforts to delete active Customer Content from production systems within twenty-four (24) hours of receiving a verified deletion request, unless retention is required for legal, security, backup, billing, dispute, compliance, technical, or contractual reasons.
Customers should be aware that deletion of Customer Content may prevent Secure Stream from providing, reproducing, exporting, correcting, supporting, or maintaining deliverables, reports, transcripts, analytics, recordings, dashboards, or other outputs derived from that Customer Content.
Where a third party requests deletion of content submitted by a Customer, Secure Stream may require verification of authority and may direct the requester to the Customer responsible for the applicable account, project, study, matter, case, event, stream, or content.
4. Project, Study, Case, Event, and Stream-Level Deletion
Secure Stream recognizes that Customers may use the Services for multiple clients, studies, cases, events, or streams under the same account. A Customer may request deletion of data associated with a specific engagement without deleting unrelated account data or other Customer Content.
When submitting a targeted deletion request, Customer should identify the applicable project, study, matter, case, event, stream, room, date, file, or other identifier with enough detail for Secure Stream to locate the relevant data. Secure Stream may request additional verification or clarification before processing the deletion.
Targeted deletion may remove or make inaccessible recordings, transcripts, captions, uploaded files, analytics outputs, dashboards, reports, exports, and related data associated with the requested engagement. Account-level records, billing records, security logs, support history, and other records may be retained as described in this policy.
5. Account Termination and Post-Termination Retention
Upon account termination, whether initiated by Customer or Secure Stream, the following applies:
- Customer Content associated with the account, including recordings, transcripts, analytics, uploaded files, and related project data, is retained for 90 days after termination to allow Customer to export data and resolve any outstanding matters.
- After the 90-day post-termination period, Customer Content is queued for deletion from active systems unless a different period is required or agreed in writing.
- Account information, billing records, support communications, security logs, and operational records may be retained beyond the 90-day period as described in the Retention Schedule above.
- Customers who require a longer or shorter post-termination retention period should contact Secure Stream before termination to discuss available options.
6. Backup and Disaster Recovery
Secure Stream maintains backup and disaster recovery systems to protect against data loss and support business continuity. Deleted data may persist in backup systems for up to 90 days after deletion from active production systems, after which it is removed through normal backup rotation cycles.
Backup copies are subject to security controls such as access controls, encryption where supported, and monitoring. Secure Stream does not selectively restore individual items from backup systems except where technically feasible and appropriate, or in the context of a disaster recovery event.
7. Legal Holds and Regulatory Preservation
Secure Stream may suspend normal deletion schedules where required by applicable law, valid legal process, litigation hold, regulatory investigation, court order, contractual obligation, or security investigation. Data subject to a legal hold will be preserved until the hold is lifted, at which point normal retention and deletion schedules will resume.
Customers who become aware of a legal hold, litigation, regulatory investigation, or other preservation obligation affecting Customer Content should promptly notify Secure Stream at support@securestream.io.
8. Vendor and Subprocessor Retention
Secure Stream's subprocessors may retain data in accordance with their own retention practices and contractual obligations. Secure Stream uses commercially reasonable efforts to ensure that subprocessors delete or return Customer Content in accordance with applicable agreements and this policy.
Certain subprocessors, such as cloud infrastructure, streaming, transcription, authentication, support, and monitoring providers, may retain encrypted backups, logs, metadata, or operational records for their own security, legal, or operational purposes. Secure Stream's contracts with subprocessors include provisions restricting the use and retention of Customer Content.
9. Anonymization and Aggregation
Secure Stream may retain aggregated or anonymized operational data that cannot reasonably be used to identify a Customer, Authorized User, participant, or Customer Content. Such data is not subject to the deletion or retention periods described in this policy and may be retained indefinitely for analytics, reporting, service improvement, security, and operational purposes.
10. Changes to This Policy
Secure Stream may update this Data Retention Policy from time to time. Material changes will be communicated by email, through the Services, or by posting an updated version with a revised effective date. Secure Stream will provide at least thirty (30) days' notice before material changes take effect where commercially reasonable or legally required.
11. Contact
Questions about data retention or deletion may be directed to:
support@securestream.io© 2026 Unveil Data LLC. All rights reserved.
Need this for your records?
Download a clean copy of this policy in PDF or Word format.