Khoros Community

Lithium Data Retention and Media Destruction Policy for Customer Data

Lithium Data Retention and Media Destruction Policy for Customer Data

For Lithium Communities

Data Retention
Customer data is retained for the duration of the customer’s contract with Lithium, unless otherwise instructed by the customer. When the contract ends, Lithium Support contacts the customer to offer data return. Then, after the data has been returned or declined by the customer, the data is deleted. Deletion occurs within thirty days with the following exceptions:

  • Data on back up systems or media is maintained for 90 days in order to maintain sound business continuity practices and then deleted
  • Log files are maintained for up to twelve months for security reasons and then deleted
  • Klout data: Lithium has discontinued the Klout service, website and brand, and deleted personal data used for that purpose. Lithium will continue to receive publicly available data from Twitter, consistent with Twitter’s privacy policy, and will continue to delete Twitter users’ personal data at Twitter’s instruction. Public data we receive from Twitter is retained for 90 days and then deleted. Data you post to Twitter is controlled by Twitter, so if you do not want your personal data made available via Twitter, you would need to opt out of Twitter, or change your privacy settings on Twitter. 
    .

During and after the life of the contract, Lithium can use aggregated and anonymized data for metrics and reporting purpose. This data does not include any personal information nor any information about the customer or the end user.

Data Backup and Restoration
Information on backup tapes is encrypted using AES 256-bit information and tapes are over written every ninety (90) days. Access to the backup tapes is restricted to authorized individuals. Offsite tapes are kept in a secure facility. Backups are made daily and full backups weekly. We conduct backup restoration testing every six (6) months, in January and July.

Data Destruction
When the contract ends, if the customer wants a copy of the data, we provide the information to the customer in an XML format via our secure SFTP servers. The information on the SFTP servers remain intact for 30 days after which time it is deleted, unless otherwise instructed by the customer. The active data bases are also dropped from the production servers as well after the XML extraction is transferred to the customer.
After the media used for storage is retired, it is scrubbed or destroyed using NIST SP 800-88 guidelines.

For Social Media Management

SMM does not provide a full data backup of the customer data. Instead, SMM customers must run their own SMM reports to extract data as they need on a rolling basis. Learn more about exporting raw data from Social Response.

Labels (1)
Version history
Revision #:
5 of 5
Last update:
3 weeks ago
Updated by:
 
Contributors