Data handling and memory
Day 14 of 30 · Generative AI 2026: Build AI Apps and Agents
One-liner: Decide what data to store and how long to keep it.
Time: 20 to 30 min
Deliverable: Data Retention and Storage Plan
Learning goal
You will be able to: Define what data is stored, for how long, and why.
Success criteria (observable)
- Data types are listed and classified.
- Retention periods are defined.
- The plan matches user expectations.
Output you will produce
- Deliverable: Data Retention and Storage Plan
- Format: Short policy table
- Where saved: Course folder under
/generative-ai-2026-build-ai-apps-and-agents/
Who
Primary persona: Digital nomad deciding data storage rules Secondary persona(s): Users concerned about privacy Stakeholders (optional): Collaborators
What
What it is
A simple plan that lists what you store, why you store it, and how long you keep it. It balances product usefulness with user trust.
What it is not
It is not a full legal policy or enterprise compliance program. It is a practical first step for a small commercial app.
2-minute theory
- Storing less data reduces risk and responsibility.
- Clear retention periods improve user trust.
- Good data handling makes support and analytics easier.
Key terms
- Retention period: How long data is stored before deletion.
- Sensitive data: Information that can harm users if leaked.
Where
Applies in
- Database design
- Privacy and support docs
Does not apply in
- UI design aesthetics
Touchpoints
- Privacy policy
- Support responses
- Analytics logs
When
Use it when
- You plan to store user data
- You need to explain data use to users
Frequency
Once per product, revise when features change
Late signals
- Users ask what data is stored
- Support cannot answer data questions
Why it matters
Practical benefits
- Lower risk of data issues
- Clearer user communication
- Easier maintenance
Risks of ignoring
- User distrust
- Regulatory problems
Expectations
- Improves: trust and clarity
- Does not guarantee: legal compliance
How
Step-by-step method
- List data types you plan to store.
- Mark sensitive or personal data.
- Define a retention period for each type.
- Write a one sentence reason for each.
Do and don't
Do
- Store only what you need
- Explain retention in simple language
Don't
- Keep data forever without reason
- Store sensitive data without a plan
Common mistakes and fixes
- Mistake: No retention plan. Fix: Add a deletion schedule.
- Mistake: Storing too much. Fix: Remove non essential data.
Done when
- Data types and retention are listed.
- Sensitive data is flagged.
- Reasons are written for each type.
Guided exercise (10 to 15 min)
Inputs
- Your product features
- User data you expect to collect
Steps
- List data types collected.
- Assign retention periods.
- Write reasons for each type.
Output format
| Field | Value |
|---|---|
| Data type | |
| Retention period | |
| Reason | |
| Sensitive? |
Pro tip: If you do not need it, do not store it.
Independent exercise (5 to 10 min)
Task
Remove one data type and explain why it is unnecessary.
Output
Updated data plan.
Self-check (yes/no)
- Are data types listed?
- Are sensitive types flagged?
- Are retention periods defined?
- Are reasons written?
Baseline metric (recommended)
- Score: 3 of 4 checks met
- Date: 2026-02-06
- Tool used: Notes app
Bibliography (sources used)
NIST Privacy Framework. NIST. 2024-01-01. Read: https://www.nist.gov/privacy-framework
GDPR Overview. EU Commission. 2024-01-01. Read: https://commission.europa.eu/law/law-topic/data-protection_en
Read more (optional)
- Data Minimization Why: Practical guidance for storing less data. Read: https://gdpr.eu/data-minimization/