Data Retention Policy
Updated a year ago
Data Retention Policy for Smoke Source
Effective Date: 10/28/2023
1. Introduction
This Data Retention Policy outlines the principles and guidelines for the retention and disposal of data collected and processed by Smoke Source (hereafter referred to as "the application"). Data retention is essential to ensure the security, privacy, and compliance of the application with relevant data protection laws and regulations.
The application’s security, data, and privacy systems are managed by Crowdbotics. For more information and system status updates, you can visit the Crowdbotics systems information page.
2. Scope
This policy applies to all data collected, processed, and stored by the application, whether it pertains to individuals (user data), organizations, or any other data subject.
3. Data Categories
The application may collect and process various data categories, including but not limited to:
- User account information
- Usage logs
- Personal user data
- Analytics data
- Customer support records
- Backup data
- Credit card and payment information
4. Data Access Control
To ensure the privacy and security of data, the application has strong password requirements and logs access to user data.
5. Data Encryption & Data Loss Prevention
For security purposes, all data in the application is encrypted at rest and in transit.
The application has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.
6. Incident Response Plan
The company has a formal incident response plan in place to deal with any incidents that may occur.
7. Monitoring and Auditing
The company has formal policies and procedures in place to monitor and audit any sensitive data stored by the application.
8. Data Retention Periods
The retention periods for different data categories are defined as follows:
a. User Account Information:
- Data Category: User registration data, such as username, email, and profile information.
- Retention Period: Data will be retained as long as the user maintains an active account with the application. Upon account deletion, all related data will be deleted within 365 days.
b. Usage Logs and Analytics Data:
- Data Category: Logs and analytics data used for application performance analysis and improvement.
- Retention Period: Logs and analytics data will be retained for a period of 12 months for statistical and troubleshooting purposes.
c. Personal User Data:
- Data Category: Any personal data provided by users, such as messages, documents, or media.
- Retention Period: Data will be retained for as long as the user chooses to keep it within the application. Users can delete their data at any time, which will result in the immediate and permanent removal of such data.
d. Customer Support Records:
- Data Category: Records of customer support interactions, including support tickets and email communication.
- Retention Period: Customer support records will be retained for a period of 60 months after the resolution of the support request.
e. Backup Data:
- Data Category: Backup copies of application data for disaster recovery purposes.
- Retention Period: Backup data will be retained for a maximum of 12 months, with regular deletion of older backups as new ones are created.
9. Data Deletion
Data will be deleted in accordance with the specified retention periods. Data deletion will be performed securely to ensure that data is irrecoverable. When data is deleted, it will be removed from all active databases and backup systems.
10. Data Subject Rights
The application will respect data subjects' rights, including the right to access, rectify, or erase their personal data. Users can exercise these rights by contacting our customer support or using the features provided within the application.
11. Compliance
This policy will be updated as necessary to ensure compliance with relevant data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
The application’s systems are compliant with the following:
- SOC 2 Type
- SOC 2 Type I
- SOC 2 Type II
- GDPR
- CCPA
- HIPAA
- NIST Cybersecurity Framework
- Minimum Viable Secure Product
- NIST 800-53
- NIST 800-171
12. Review and Revision
This Data Retention Policy will be reviewed annually and updated as necessary to reflect changes in data handling practices, laws, or regulations. Any updates will be communicated to relevant stakeholders.
13. Contact Information
If you have any questions or concerns about this Data Retention Policy or the data we collect and process, please contact [email protected].
14. Document History
- Document created 10/28/2023
By using the application, you agree to abide by this Data Retention Policy.