Data retention policy
* All customer data while the account remains active is retained indefinitely
* After requesting removal, data is removed within 60 days
* Once 60 days have elapsed from the cancellation/expiration/termination date, the team will be deleted. Any information not downloaded will no longer be recoverable.
* Backups: 10 days of on-site backups; 90 days of off-site backups;
Data archiving and removal policy
* After requesting removal data is removed within 60 days
* Backups: 10 days of on-site backups; 90 days of off-site backups;
* GDPR: Subject access requests can be requested here:
https://stackoverflow.com/legal/gdpr/requestData storage policy
We do not have an official data storage policy. Instead, data storage related policies are embedded within our other policies and procedures.
* Besides the data that we send to our sub-processors to provide the agreed upon services, customer data is not allowed to leave the production environment unless explicit permission is granted by the customer, and usually only for troubleshooting purposes.
* Data classification procedures and data inventory maintenance is incorporated into our secure SDLC. Updates, removal, or additions to the data inventory are reviewed and approved by the Information Security department.
* All equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed and destroyed or securely overwritten in a non-recoverable, non-reconstructable format prior to disposal or re-use.
* We are required to identify an alternate storage site that is separated from the primary storage site so as not to be susceptible to hazards, in the event of an area-wide disruption or disaster.
App/service has sub-processors
yes
Guidelines for sub-processors