1. Why retention matters
Personal data should be kept only as long as it serves a legitimate purpose. Practicks retains data along two dimensions: (a) how long the underlying service needs it, and (b) how long applicable law requires it to be kept (e.g. audit-log retention for security investigations).
2. Retention by data category
2.1 Account data
Kept while your account is active. For institutional accounts, your institution's administrator controls account lifecycle (provisioning, deactivation, deletion). When an account is deactivated, login is disabled but the historical record (attempts, reports) remains available to the institution for their own retention window. When deleted, see Section 3.
2.2 Attempt and assessment data
Attempts, answers, scores, time per question, and derived reports are retained as long as the institution's subscription is active. After the subscription ends, attempt data is kept for an additional 90 days to permit re-activation, then archived. Self-service accounts retain attempt data for as long as the account remains active.
2.3 Proctoring photos and telemetry
Webcam photos captured during opted-in proctored attempts are retained for 180 days from the date of the attempt, then automatically deleted. Browser-side telemetry observations (no images, only signals) follow the same window. The shorter window reflects the sensitivity of the data and the operational need (reviewers should be able to revisit a contested attempt within a reasonable period).
2.4 Faculty notes and uploaded files
Notes uploaded by faculty and other institution-authored content are retained while the institution's subscription is active and for 30 days thereafter. Faculty can delete their own notes anytime; campus admins / org admins can delete on their behalf.
2.5 Audit logs
Security-relevant events (sign-in, password change, role change, sharing and deletion of content) are retained for 1 year to support security investigations and compliance audits. Audit logs are retained for this period even after an account is deleted, as required by the IT Act for incident traceability.
2.6 Database backups
Automated database backups are retained for 30 days on a rolling window. Deleted personal data may persist in backups for up to the backup window but is not used to restore an individual record; backups are used only for disaster-recovery of the platform as a whole.
2.7 Anonymised / aggregated data
Statistical aggregates (e.g. "average accuracy on Chapter 3 of CBSE Class 12 Physics") that cannot reasonably be re-identified to a single user may be retained indefinitely for service improvement and research.
3. Deletion requests
You can request deletion of your personal data by:
- Institutional users: contacting your institution's administrator. They will initiate deletion in coordination with Practicks.
- Self-service users: contacting us using the details on the Contact page.
On a verified deletion request:
- Account credentials and profile fields are deleted within 30 days.
- Attempt history is anonymised (linked to a deleted-user placeholder) within 30 days.
- Proctoring photos for that user are deleted within 30 days.
- Audit log entries are retained as described in Section 2.5; the user identifier may be replaced by an opaque token after the audit retention window.
- Residual data in database backups expires per the 30-day rolling window in Section 2.6.
4. Exceptions
We may retain specific data beyond the windows above where retention is required by law (e.g. a pending legal hold), required to defend a legal claim, or required by your institution's subscription terms (e.g. regulatory audit retention for a regulated training institute).
5. Changes to this policy
Material changes to retention windows are reflected in the "Last updated" date at the top and signalled to active users. For questions, contact us using the details on the Contact page.