Data Retention
My Depo Prep is built to hold the least client data necessary, for the shortest time that serves the client's deposition preparation, and to make every access to sensitive material auditable. The most sensitive data — client video recordings — is the most aggressively minimized.
Last updated May 31, 2026
This page is for prospective and current law-firm customers evaluating how My Depo Prep handles their data, especially privileged client communications. It describes the platform's data-handling posture; it is not legal advice, and a firm's own counsel owns the privilege analysis for their practice and jurisdiction.
Client video answers
A client's recorded video responses to attorney questions (privileged work product).
Retention: Deleted 24 hours after the deposition date (14-day fallback if no date is set).
Enforcement: Daily verified-delete cron; the row is marked deleted only after Cloudflare confirms the asset is gone, and retried on failure.

Client welcome / personal videos
Attorney-recorded videos attached to a specific invite.
Retention: Deleted 7 days after the deposition date.
Enforcement: Daily cron; database references are always cleared.

Audit log
Who accessed or changed what, with IP, user-agent, and timestamp.
Retention: 90 days.
Enforcement: Daily cron purge; hash-chain integrity verified on each run.

Rate-limit records
Anti-abuse counters.
Retention: 7 days.
Enforcement: Daily cron.

Tracking events
Client training-progress events (page views, completions).
Retention: 1 year.
Enforcement: Daily cron.

Invites & matter metadata
Client name, email, matter reference, deposition details.
Retention: Retained for the engagement; removable on request.
Enforcement: Account deletion / data-subject request (below).

Billing records
Charges, receipts, and Stripe references (no card numbers are ever stored).
Retention: Retained per financial-record norms (~7 years).
Enforcement: Standard accounting retention.

Attestations
Attorney and client signed acknowledgments (text + SHA-256 hash + IP/UA).
Retention: Retained as the legal record of consent and review.
Enforcement: Append-only.
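
The verified-delete rule for client video answers, sketched as an added example (not My Depo Prep's code). The `Recording` row, the `store` interface and `FlakyStore` are hypothetical, and the 14-day fallback is assumed to count from when the recording was created.

```python
import logging
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

log = logging.getLogger("retention")
GRACE = timedelta(hours=24)      # page: deleted 24 hours after the deposition date
FALLBACK = timedelta(days=14)    # page: 14-day fallback if no date is set

@dataclass
class Recording:                 # hypothetical metadata row; holds no video bytes
    asset_id: str
    created_at: datetime
    deposition_at: Optional[datetime] = None
    deleted_at: Optional[datetime] = None
    attempts: int = 0

def due_at(rec):
    # Assumption: the fallback clock starts when the recording was created.
    return rec.deposition_at + GRACE if rec.deposition_at else rec.created_at + FALLBACK

def verified_delete_pass(rows, store, now):
    """One cron run: a row is marked deleted only once the store reports the asset gone."""
    confirmed = []
    for rec in rows:
        if rec.deleted_at or now < due_at(rec):
            continue
        try:
            store.delete(rec.asset_id)
            gone = not store.exists(rec.asset_id)   # verify; do not trust the delete call
        except Exception as exc:
            gone = False
            log.warning("delete failed for %s: %s", rec.asset_id, exc)
        if gone:
            rec.deleted_at = now
            confirmed.append(rec.asset_id)
        else:
            rec.attempts += 1                       # row stays due; the next run retries
    return confirmed

class FlakyStore:                # constructed stand-in for the video host
    def __init__(self, assets, fail_once):
        self.assets, self.fail_once = set(assets), set(fail_once)
    def delete(self, asset_id):
        if asset_id in self.fail_once:
            self.fail_once.discard(asset_id)
            raise ConnectionError("simulated outage")
        self.assets.discard(asset_id)
    def exists(self, asset_id):
        return asset_id in self.assets
```

A row whose delete call fails keeps `deleted_at` empty, so the database never claims a deletion that the video host has not confirmed.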
Client video answers are treated as confidential attorney-client work product. These controls are verified in code.
Private by construction
Recordings are stored on Cloudflare Stream with signed-URL playback required. There is no public link — every view needs a fresh, short-lived (1-hour), server-authorized token scoped to the owning attorney.
Never on our servers
Video uploads go directly from the client's browser to Cloudflare; the application server never receives or stores the bytes. Cloudflare encrypts at rest; all transport is HTTPS-only (HSTS preload).
Tenant-isolated, two layers
Access is enforced both in the application (the requester must be the sending attorney or a firm admin of the same firm) and at the database with Row-Level Security. One firm can never reach another firm's recordings.
Minimal footprint
The database stores only structural metadata (identifier, status, the question, scheduled-deletion time) — no transcripts, no recording content.
Verified deletion
A recording is marked deleted only after Cloudflare confirms the asset is gone; failures are logged and retried. A 14-day hard stop ensures nothing is retained indefinitely.
Every access audited
Minting a playback token writes an append-only audit record (actor, IP, user-agent, timestamp), so confidentiality is defensible, not merely asserted.
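
How a hash-chained audit log can be verified on each run and still purged after 90 days, as an added example (not My Depo Prep's code). The entry fields, the `GENESIS` anchor and the rule that the last purged hash becomes the new anchor are assumptions; the page states only that the log is append-only, hash-chained and purged daily.

```python
import hashlib
import json
from datetime import datetime, timedelta

RETENTION = timedelta(days=90)          # page: audit log retained 90 days
GENESIS = "0" * 64                      # assumed anchor for a brand-new log
FIELDS = ("actor", "action", "ip", "ua", "ts")

def entry_hash(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(entries, anchor, actor, action, ip, ua, ts):
    prev = entries[-1]["hash"] if entries else anchor
    body = dict(zip(FIELDS, (actor, action, ip, ua, ts.isoformat())))
    entries.append({**body, "prev": prev, "hash": entry_hash(prev, body)})

def verify(entries, anchor):
    """Index of the first entry that fails the chain check, or -1 if intact."""
    prev = anchor
    for i, e in enumerate(entries):
        body = {k: e[k] for k in FIELDS}
        if e["prev"] != prev or e["hash"] != entry_hash(prev, body):
            return i
        prev = e["hash"]
    return -1

def purge(entries, anchor, now):
    """Verify, then drop the expired prefix. Returns (kept_entries, new_anchor)."""
    if verify(entries, anchor) != -1:
        raise ValueError("audit chain broken; refusing to purge")
    cutoff, n = now - RETENTION, 0
    while n < len(entries) and datetime.fromisoformat(entries[n]["ts"]) < cutoff:
        n += 1
    # The last purged hash becomes the anchor, so the survivors stay verifiable.
    return entries[n:], (entries[n - 1]["hash"] if n else anchor)

def sample_log(t0):
    # Constructed sample entries; 203.0.113.0/24 is a documentation address range.
    entries = []
    for day, action in ((0, "playback_token"), (50, "invite_sent"), (100, "playback_token")):
        append(entries, GENESIS, "attorney-1", action, "203.0.113.7", "ExampleUA/1.0",
               t0 + timedelta(days=day))
    return entries
```

The anchor has to be stored where the process writing log entries cannot rewrite it; otherwise an edited chain can simply be re-anchored.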
| Subprocessor | Role | Data it touches |
| --- | --- | --- |
| Cloudflare Stream | Video hosting & playback | The private client recordings; enforces signed-URL access. |
| Supabase (PostgreSQL) | Application database | Recording metadata and the audit log — no video content. |
| Stripe | Payments | Billing data only (no card numbers stored by us). |
| Postmark | Transactional email | Invite emails containing client access links. |
| Sentry | Error monitoring | Server / client error diagnostics. |
No video content, transcript, or recording is ever sent to any AI or large-language-model service.
My Depo Prep records signed, timestamped, hash-verified attestations at four points so consent and review are documented, not assumed. Each is stored with the verbatim text, a SHA-256 hash of that text, a version, IP, user-agent, and timestamp.
Attorney onboarding
The attorney commits to reviewing materials, confirms they are appropriate for their jurisdiction, and acknowledges the platform is educational, not legal advice.
Per invite
For each send, the attorney certifies they have reviewed and approve the training, have the client's consent, that it complies with their state's rules, and that it is educational material only (no attorney-client relationship with My Depo Prep).
Client
The client accepts a prominent "not legal advice / consult your own attorney" disclaimer before any training.
Training completion (roadmap)
The attorney signs that they reviewed the training in full.
These are legal determinations the firm and its counsel own; the platform supports them but does not decide them.
This document reflects the platform's data-handling posture as of the date above and is provided to support a firm's diligence. It is not legal advice. For privilege and confidentiality, see the Privacy Policy and Security pages.
Diligence questions?
If your firm needs a DPA, a subprocessor review, or specifics on how privileged recordings are handled, we want to hear it before you sign anything.