This article describes the data storage strategy for Voyado as it relates to enabling a wide array of features and data redundancy while supporting the privacy rights of data subjects.
How is data stored and backed up in Engage?
Our main data storage is based on a relational database, which acts as data master for contact data in Engage. In this database, each contact is identified using a unique, random Identifier (UUID). Data is mirrored such that a disruption to the database is mitigate through a failover to the mirror database while recovery is performed. Additionally, databases are backed up and backups are retained for 30 days.
Alternative storage systems
Depending on which features is used by our clients, personal data may be stored in multiple locations and formats temporarily or permanently. This data falls into two categories and our strategies for managing this data differs.
The first category, and our preferred scenario, is to not store inherently Personally Identifiable Information, rather we store the UUID of a contact and associate data with that identifier.
The second category is where inherently Personally Identifiable Information (e.g. name, phone number, email address etc.) is necessary to process data in the alternative storage mechanism.
How is personal data retained and deleted from Engage?
When a contact is deleted in Engage we perform a so-called “soft delete”, i.e. we add a data point to the contact specifying that the contact is deleted. At this point the contact does not appear in Engage and the system acts as if it was deleted, however it may be restored for a grace period of seven days.
After this grace period all Personally Identifiable Information is erased from the contact, leaving only it’s UUID and other non-identifiable information behind. This way we may keep statistically relevant information on a deleted contact without the contacts personal data being processed.
In alternative storage systems, we may retain data in the first category above since only the UUID is referenced and no other Personally Identifiable Information is processed.
In the second category all Personally Identifiable Information is removed, similarly to what is described in the first paragraph.
Retention of transactional data on receipts for segmentation purposes will be limited to two (2) years.
Retention of other data, including personal data, is subject to settings made by the customer. If no settings are made, default is no erasure.
Do you have any questions? Feel free to contact your Account Manager.