How do we delete data?
When data is flagged for deletion, depending on our policy below, we will delete the relevant data on the GCP (Google Cloud Platform) filesystem after 30 days. You can read more about how GCP handles data deletion here https://cloud.google.com/security/deletion/
How do we anonymize data?
When data is flagged in our data base for anonymization, typically data that contains PII (Personally Identifiable Information, e.g., names, emails, etc), based on our policy below we will overwrite (not encrypt) the data in question with a randomly generated string. Data is permanently and irrevocably destroyed. There is no way to reverse it using an encryption key or similar means. Any database backups, and logs will reflect such changes as well.
- Marked as deleted immediately upon customer request
- Permanently deleted 1 month after deletion request received. Read more about GCP's data deletion here, https://cloud.google.com/security/deletion/
Expired accounts and account deletion requests
- Marked for deletion 1 month after expiration
- Recordings permanently deleted 2 months after expiration. Read more about GCP's data deletion here, https://cloud.google.com/security/deletion/
- Personal data (name, email) anonymized after 7 years as per https://validately.com/gdprprivacy
Prospect accounts (non-paid accounts)
- Marked for deletion 12 month after no activity
- Recordings permanently deleted 13 months after no activity. Read more about GCP's data deletion here, https://cloud.google.com/security/deletion/
- Personal data (name, email) anonymized after 7 years (3 years for Prospect, non-paid accounts) as per https://validately.com/gdprprivacy