PrepXam

Legal

Data retention policy

How long we keep categories of information and when we delete or anonymise them.

Effective 30 March 2026 · Last updated 30 March 2026

This Data Retention Policy supplements our Privacy policy. It describes typical retention periods for PrepXam (com.prepxam.prep_xam). Actual retention may vary where law requires longer storage or where data is aggregated or anonymised so it no longer identifies you.

Contact: privacy@prepxam.app (update before publishing).

1. Account & profile

  • Active accounts: profile and account data are retained while your account remains open and in use.
  • Deletion: when you request account deletion (through in-app flows when available, or by email), we delete or irreversibly anonymise personal data associated with your account within a reasonable period, typically within 30 days, unless a longer period is required for legal, tax, or dispute resolution (for example backup retention up to 90 days in some environments).

2. Authentication & sessions

  • One-time passwords (OTP): stored only for the short window needed to complete verification (typically minutes), then removed.
  • Access tokens / sessions: retained until expiry, sign-out, or rotation; revoked on password or security events where applicable.

3. Tests, results, and analytics

  • Test attempts and results: retained for as long as your account is active so you can view history and analytics; deleted or anonymised when your account is deleted, subject to backups.
  • Aggregated analytics: we may retain non-identifying statistics indefinitely to improve the product.

4. Billing & subscriptions

Purchase and subscription records may be retained for the period required by tax, accounting, and Google Play policies—often several years where mandated. Such records may include transaction identifiers rather than full payment card data (payments are handled by Google Play).

5. Logs & security

Server and security logs are retained for a limited period for troubleshooting and abuse prevention (for example 30–180 days depending on system), unless a longer period is needed for an investigation or legal hold.

6. Backups

Deleted data may persist in encrypted backups for a limited time until those backups roll off according to our backup schedule; restored data is deleted in line with this policy.

7. Changes

We may update retention periods as our systems or legal obligations change; the “Last updated” date at the top will change when we do.