Data retention and deletion

Defaults differ by data type and whether you're a healthcare org — call recordings 7 years (healthcare) or 1 year (non-healthcare), transcripts the same, patients indefinitely, audit logs 6 years. All defaults are configurable, and you can honor individual deletion requests with the per-patient delete tool.

Updated May 20, 20262 min read

Data retention is the boring-but-critical side of compliance. FrontDesk ships sensible defaults that meet HIPAA, GDPR, and CCPA out of the box, and gives you levers to tighten or relax them based on your jurisdiction and policies.

Default retention periods

Data type	Healthcare org	Non-healthcare
Call recordings (audio)	7 years	1 year
Call transcripts	7 years	1 year
Patient records	Indefinite	Indefinite
Appointments	Indefinite	Indefinite
SMS messages	7 years	1 year
Audit log	6 years	1 year
Voicemail audio	1 year	90 days

Healthcare defaults are set to match HIPAA's 6-year minimum for records of disclosures plus a 1-year buffer. Non-healthcare defaults match common state-law minimums.

Change retention periods

Open Settings → Compliance → Data Retention.
For each category, choose from the dropdown (30 days, 90 days, 1 year, 3 years, 7 years, indefinite).
Click Save.

For healthcare orgs the dropdown won't let you go below HIPAA minimums (6 years for audit). For all orgs, lengthening retention takes effect immediately; shortening retention triggers a background cleanup over the next 24 hours.

Per-patient deletion (right to be forgotten)

When a patient invokes their GDPR, CCPA, or HIPAA right to deletion:

Open Patients → search the patient → click their row.
Click the ⋯ menu → Delete Patient Data.
Confirm by typing the patient's name.

What happens:

Data	After deletion
Name, phone, email	Replaced with hashed values (e.g., `Patient-a3f8b1`)
Call recordings	Audio files deleted from S3
Transcripts	Personally identifying content scrubbed
Appointments	Kept (anonymized) for your business records
Audit log entry	Records that the deletion happened, who requested it, and when

The operation is irreversible. We retain the audit-log entry for the deletion itself even after the data is gone — required for your compliance records.

Automated cleanup

A background job runs daily and deletes data that has exceeded its retention period. You'll see line items in your audit log:

[2026-01-15 02:00] System auto-deleted 247 call recordings older than 7 years (retention policy)
[2026-01-15 02:01] System auto-deleted 1,892 SMS messages older than 7 years

Exports before deletion

Before any major retention shortening, run an export from Settings → Compliance → Data Export — it dumps everything to a downloadable archive (JSON + audio) so you have an offline copy if you need it.

What's next

Sign your BAA — the legal framework for handling PHI
Understand call recording consent
Review what's in your recordings

Frequently asked questions

What are the default retention periods?

Healthcare orgs — call recordings and transcripts 7 years, patient records indefinite, audit log 6 years (HIPAA minimums). Non-healthcare orgs — call recordings and transcripts 1 year, patient records indefinite, audit log 1 year.

Where do I change retention settings?

Settings → Compliance → Data Retention. You can shorten or lengthen each category; healthcare orgs can't go below HIPAA minimums.

How do I delete a specific patient's data?

Patients → search the patient → ⋯ → Delete Patient Data. We anonymize their record (replacing identifiers with hashed values), delete their call recordings and transcripts, and log the deletion in the audit trail. Operation is permanent and can't be undone.

Do I have to honor deletion requests?

Under GDPR (EU residents), CCPA (California), and similar state laws — generally yes, with some exceptions for legal/regulatory record-keeping. The per-patient delete tool produces a compliant deletion. We log the request and the deletion for your records.

Was this article helpful?

Still need help?

Our team replies fast. Or just ask the in-app Setup Assistant.

Contact support