Public

Khoros Customer Data Retention and Destruction Policy

Khoros Customer Data Retention and Destruction Policy

Data Retention

Customer data is generally retained for the duration of the customer’s contract with Khoros. Exceptions to this include:

  • Khoros Marketing: Data imported from various social media platforms is retained
    for a rolling twenty four (24) months before it is automatically purged.
  • Khoros Care: Data imported from various social media platforms is stored for the
    life of the agreement but can only be exported from the Services for a period of
    18 months.
  • Khoros CX Insights:
    • Data received from the Customer, but not sampled and ingested into the
      Services, is retained for up to thirty (30) days.
    • Data ingested into the Services, but not used by the Customer, is retained
      for ninety (90) days and the associated meta data is retained for the
      lesser of twenty four (24) months or the life of the agreement.
    • Data ingested into the Services and used by the Customer is retained for
      the lesser of twenty four (24) months or the life of the agreement.
  • Khoros Community: Data processed within Khoros Community will be retained for the life of the agreement.

While being retained, all customer data must be retrievable and maintained per
applicable legal, contractual and regulatory requirements.

Customer's data will be available for 30 days from the date of termination or expiration
of the agreement. Once the agreement ends, the data will be returned to the customer,
provided however Customer provides timely written request. If Data is declined by
Customer, Customer agrees Khoros has no further obligation to retain Customer’s data.
Deletion of the data occurs thirty (30) days after the expiration or termination of the
agreement with the following exceptions: (a) as otherwise required by applicable law;
(b) data on backup systems or media is maintained for 90 days in order to maintain
sound business continuity practices and then deleted; and (c) log files are maintained
for up to twelve months for security reasons and then automatically deleted.

During and after the life of the agreement, Khoros can use aggregated and anonymized
data for metrics and reporting purpose. This data does not include any personal
information and does not include any information about the customer or the end user.

Data Backup & Restoration

Backups are taken at least every day and every week and are encrypted using AES
256-bit information and are over written every ninety (90) days. Access to the backups
is restricted to authorized individuals. Offsite backups are kept in a secure facility.
Backups are made daily and weekly. We conduct backup restoration testing every six
(6) months.

Data Destruction

At the expiration or termination of the agreement, if the customer wishes to have a copy
of its data, we securely provide the information to the customer for: (i) Khoros
Community content, at one time and at no charge, in a machine-readable format, and at Khoros' option, either in a single data extraction or multiple data extractions; and (ii) all other Khoros Services, customer may download the content itself in a comma separated value (.csv) format. Khoros may provide additional reasonable assistance for data extractions at Khoros’s standard Professional Services rates. The availability of Content for extraction or downloading from certain Services will be limited as described above within the Data Retention section.

The data is made available for 30 days from the agreement expiration or termination,
after which time it is deleted in accordance with the above 'Data Retention' Section. The active data bases are also dropped from the production servers as well after the
data extraction is transferred to the customer. Once the media used for storage is
retired it is scrubbed or destroyed using NIST SP 800-88 guidelines.

Labels (1)
Version history
Last update:
‎10-21-2021 11:50 AM
Updated by:
Contributors