BastionGPT keeps your data only as long as it serves you, and deletion is always in your hands. Your chats and uploaded documents stay available until you delete them or your account goes unused for 30 days, and transcripts follow a retention window you control, at which point it is securely and permanently erased. Behind the scenes, the working data our AI holds to process your requests is kept for a maximum of 30 days, and in most cases it is purged much sooner.
Data retention is a standard question in HIPAA security reviews, so here is the full picture: what we keep, what you control, and how to remove everything.
What does BastionGPT keep while my account is active?
Your account holds three kinds of content, each with its own lifecycle:
Chats stay in your account until you delete them. Many clinicians keep useful chats around for months, and that choice is entirely yours.
Uploaded documents stay available in your account permanently. They are securely erased only after your account has been idle for 30 days. See What types of documents are supported? for formats and size limits.
Transcripts follow a retention setting you control. By default, transcripts are securely wiped after 30 days, and you can adjust that window in your settings, where each transcript also shows its expiration date.
Separately, when our AI processes a request, your data moves through a hardened secure enclave (for milliseconds, up to about 30 seconds), is securely wiped after processing, and your results return to your account. That short-term processing data is retained for a maximum of 30 days. Our security article walks through the full data lifecycle step by step.
How do I delete my data from BastionGPT?
You can remove data whenever you choose:
Delete a single chat. Remove one conversation without touching the rest.
Clear all conversations. One click removes every chat in your account.
Set transcript retention. Choose how many days transcripts are kept before they are automatically and securely wiped.
Deleting removes the content from your account right away, and the underlying data is purged from our systems within the 30-day maximum retention period.
What happens to my data if I stop using BastionGPT?
You do not need to remember to clean up on your way out. Whether you cancel your subscription or simply stop logging in, our systems handle it automatically: after 30 days without any account activity, your data is securely wiped, with no way to recover it.
If you want your data gone sooner, email [email protected] and ask us to expedite the secure deletion of your data.
For how cancellation itself works, see What is your cancellation policy?.
Why does BastionGPT keep any data at all?
The reason comes down to safety monitoring. Clinical work sometimes involves difficult subject matter (writing a report on an abuse case, for example, is work most consumer AI tools refuse to touch), so we relax certain AI safety filters that would otherwise block legitimate healthcare work. Because those filters are relaxed, our licensing agreements with AI model providers require us to keep limited, short-term logs so misuse of the system can be detected. Thirty days is the ceiling, not the norm, and most data is purged well before that.
Just as important is what retained data is never used for: it is never used to train AI models (we guarantee that contractually, no matter how long data is held), never resold, and never used for marketing. You can read more in Is my chat data leaked to OpenAI?.
How do you handle subpoenas and court orders?
It is rare, but it does happen, and we coordinate with you throughout. In most cases the requested data is already past our retention period, and we provide a letter on company letterhead certifying that the data was securely wiped on a specific date. You can present that letter as evidence that nothing responsive exists.
Still have questions about data retention?
If your compliance team needs more detail for a security review, email [email protected] and we will get you the documentation you need. And if you are still evaluating BastionGPT, everything above applies from your very first day, so you can try it knowing your data follows the same retention rules whether you stay for a week or for years.
