PHI Retention and Data Deletion
What You'll Learn
This article explains Knack's data retention and deletion policies for HIPAA accounts. It covers what happens when you delete a record, when an app or account is deleted, and what happens if an account becomes delinquent. HIPAA requires that all PHI be permanently deleted after a reasonable backup period, and this article outlines exactly how Knack handles that.
When You Delete a Record
When you delete a record from your Knack app:
- The record is immediately removed from your app and from Knack's production servers
- If the record existed during a daily backup process, a backup copy may be available for up to four weeks in a separate, secure environment
- After the four-week window, the backup data is permanently removed and cannot be recovered
This applies to individual record deletions performed by you or your app users through the builder or the live app.
When an App or Account Is Deleted
When you delete an entire app or your Knack account:
- Knack creates a backup of all records, the app structure, and record history
- This backup is kept for a four-week period in a separate, secure environment
- After four weeks, the data is permanently removed and cannot be recovered
Delinquent Accounts
If an account becomes delinquent (payment is overdue), the following timeline applies:
- 28 days after the invoice is due: The account and all data are deleted from Knack's production servers. You can still access and export your data during this 28-day window.
- After deletion from production: A full account backup is taken and kept in a separate, secure environment for an additional 28 days.
- After 56 days total: The data is permanently removed and is no longer recoverable.
Act before the window closes. If your account becomes delinquent, export your data as soon as possible. Once the 56-day window passes, there is no way to retrieve it.
Your Retention Responsibilities
Knack's retention policies cover what happens to data on the platform. But HIPAA may require your organization to retain certain records and documentation for longer periods.
- HIPAA requires covered entities to retain certain documentation (policies, risk assessments, audit logs) for a minimum of six years
- State laws may impose additional or longer retention requirements for medical records
- It's your responsibility to maintain your own backups or archives if your compliance program requires longer retention than what Knack's backup cycle provides
Knack's backup and deletion timelines are designed to meet HIPAA's requirement for permanent deletion after a reasonable period. They are not designed to serve as your long-term records retention strategy.
Summary of Timelines
- Record deletion: Removed from production immediately. Backup available up to 4 weeks. Permanently deleted after 4 weeks.
- App/account deletion: Backup kept for 4 weeks. Permanently deleted after 4 weeks.
- Delinquent account: Deleted from production at 28 days. Backup kept for another 28 days. Permanently deleted after 56 days total.
Next Steps
- Secure Data Handling in Knack — Protect PHI in your pages, views, and support interactions
- Building Audit Trails in Knack — Track access and changes to PHI in your app
- Business Associate Agreements — Understand what Knack's BAA covers
