Data Retention Policy
Why This Document Exists
Step 2 of the FTC's Six-Step COPPA Compliance Plan requires each product's privacy policy to state “the business need to retain personal information, and a timeframe for deletion. You cannot retain personal information collected from a child indefinitely.” Step 6 reinforces: “Hold on to personal information only as long as is reasonably necessary.”
This document is the single source of truth for retention windows across the Matside portfolio. Each product's privacy policy mirrors the window for that product.
Per-Product Retention Windows
WrestleFA
| Data class | Active retention | Deletion trigger | Grace |
|---|---|---|---|
| Parent account | While account active | User-initiated OR 24 months of inactivity | 30 days |
| Wrestler profile (under-13) | Linked to parent account | Same as parent account | 30 days |
| Confirmed placements | Anonymized + retained for TD history | Anonymization on parent-account deletion | n/a |
| Consent records | While wrestler profile exists | Deleted alongside wrestler profile | 30 days |
| Square payment records | ~7 years per tax law | Legal-hold exception | n/a |
| Audit log entries | 24 months rolling | Automatic at 24 months | n/a |
Rationale for the 24-month inactivity window: WrestleFA is a free-agent marketplace tied to a wrestling season cadence. A parent who hasn't logged in or updated a profile across two full seasons is functionally inactive; the window is conservative enough that families taking a season off don't lose data immediately. A notification email is sent at 22 months of inactivity with a 60-day grace before deletion.
COPPA implication: WrestleFA is the only product in COPPA scope. A 24-month inactive timer plus notification plus grace is materially stronger than “indefinite retention” and satisfies the COPPA Six-Step Steps 2 and 6 explicitly.
MatRecruit
| Data class | Active retention | Deletion trigger |
|---|---|---|
| Athlete account | While subscription active OR logged in within 18 months | User-initiated OR 18 months past stated class year |
| Profile data | Same as account | Deleted with account |
| Tracker data (private) | Same as account; subscription cancellation does NOT delete | Deleted with account |
| Profile photos | Same as profile | Immediate on user action |
| Audit log entries | 24 months rolling | Automatic |
| Sentry error reports | 90 days (per Sentry) | Per provider |
| Stripe payment records | ~7 years per tax law | Legal-hold exception |
Rationale for the 18-months-past-class-year window: A wrestler who graduates in class year X uses MatRecruit through the recruiting cycle ending ~spring of year X. Eighteen months past graduation covers the late-recruiting JUCO/transfer window. After that, the profile has functionally aged out of the recruiting market. Notification email sent at 16 months past class year with a 60-day grace.
MatPass
Critical FERPA dependency: When the wrestling program using MatPass is school-affiliated (high-school, college, or other educational institution), athlete compliance records are likely education records under FERPA, which has its own retention requirements that supersede MatPass's default. MatPass acts as a data processor; the wrestling program is the data controller. The organization owner is responsible for configuring MatPass to align with the program's institutional retention obligations.
| Data class | Retention |
|---|---|
| User account (coach, admin, parent) | 24 months of inactivity or user-initiated deletion |
| Organization records | While org is active |
| Athlete records | Per the wrestling program's institutional retention policy |
| Compliance documents | Per institutional + governing-body requirements |
| Audit log entries | 24 months rolling (org owners may extend) |
Default for non-FERPA programs (club programs, private programs): athlete records retained for 24 months past the end of the season they were created in. Notification to the org admin at 22 months with a 60-day grace.
MatTime
MatTime uses a 7-year anonymization sweep, materially stronger than the cross-product default. This window aligns with typical state-level coaching-credential retention requirements and provides a clean audit trail for any post-booking dispute. The anonymization sweep is already implemented at the scheduled-cron layer.
| Data class | Retention |
|---|---|
| Coach account + profile | 7 years of inactivity or user-initiated |
| Parent account + bookings | 7 years of inactivity or user-initiated |
| Booking confirmation records | 7 years past booking date (automatic anonymization) |
| USAW credential submissions | 7 years past expiration |
| Audit log entries | 7 years rolling |
SignupSignin
| Data class | Retention |
|---|---|
| User account (volunteer or admin) | 12 months past last login or user-initiated |
| Event signup records | At the organization's discretion; recommend ≤12 months past event |
| Audit / activity records | 12 months rolling |
| Mobile push notification tokens | Removed on logout or account deletion |
Rationale for the 12-month inactivity window: SignupSignin is event-driven; volunteers typically sign up around a tournament cadence. 12 months covers a full off-season plus the next year's early-season cadence. Past that, the user is functionally inactive. Notification email sent at 10 months of inactivity with a 60-day grace.
Cross-Product Applicable Items
Audit Log Retention
All products: audit-log entries retained for 24 months rolling (MatTime is 7 years per its stronger policy). Standardized to support security investigations and dispute resolution without indefinite storage.
Service-Provider Logs
Per the respective provider's retention schedule:
- Supabase (database + auth logs): per project configuration
- Firebase / Google Cloud (Cloud Functions logs, Firestore audit logs): per provider retention
- Vercel (web request logs): per platform retention (currently 7–30 days depending on plan)
- Sentry (error reports): 90 days on current plan
- Resend (email delivery logs): per Resend account retention
- Stripe (payment records): per Stripe + applicable tax law (typically 7 years)
- Square (payment records): per Square + applicable tax law (typically 7 years)
Legal-Hold Exception
Any retention window above is superseded when records are subject to:
- A pending or reasonably anticipated legal proceeding
- A regulatory investigation or audit
- A subpoena, court order, or other valid legal process
- A bona fide preservation request from a party with legal authority
Legal-hold records are retained until the hold is released.
Notification and Grace Pattern
For every product where inactivity triggers deletion, the following pattern applies:
- Inactivity warning email sent at (retention window) minus 2 months, to the user's account email, with: explanation that the account is approaching the deletion timer; link to log in and reset the timer; link to export data before deletion; link to confirm immediate deletion if preferred.
- 60-day grace period between the warning email and final deletion.
- Final deletion email sent at the deletion moment confirming the deletion occurred.
This pattern satisfies the COPPA spirit (“hold on to personal information only as long as is reasonably necessary”) and provides users with meaningful warning and an opportunity to preserve their data.
Changes to This Policy
The Sept 1, 2026 attorney review will redline retention windows where appropriate; the change happens here first, then per-product privacy policies update to match. After the Oct 1, 2026 launch, this document is reviewed quarterly alongside the per-product COPPA compliance checklists.
Questions about this Data Retention Policy? Contact support@matside.org.