Data Retention
Customer data is generally retained for the duration of the customer’s contract with Khoros. Exceptions to this include:
Khoros Marketing: Data imported from various social media platforms is retained for a rolling twenty four (24) months before it is automatically purged.
Khoros Care: Data imported from various social media platforms is stored for the life of the agreement but can only be exported from the Services for a period of 18 months.
Khoros CX Insights:
Data received from the Customer, but not sampled and ingested into the Services, is retained for up to thirty (30) days.
Data ingested into the Services, but not used by the Customer, is retained for ninety (90) days and the associated meta data is retained for the lesser of twenty four (24) months or the life of the agreement.
Data ingested into the Services and used by the Customer is retained for the lesser of twenty four (24) months or the life of the agreement.
Khoros Community: Data processed within Khoros Community will be retained for the life of the agreement.
While being retained, all customer data must be retrievable and maintained per applicable legal, contractual and regulatory requirements.
Customer's data will be available for 30 days from the date of termination or expiration of the agreement. Once the agreement ends, the data will be returned to the customer, provided however Customer provides timely written request. If Data is declined by Customer, Customer agrees Khoros has no further obligation to retain Customer’s data. Deletion of the data occurs thirty (30) days after the expiration or termination of the agreement with the following exceptions: (a) as otherwise required by applicable law; (b) data on backup systems or media is maintained for 90 days in order to maintain sound business continuity practices and then deleted; and (c) log files are maintained for up to twelve months for security reasons and then automatically deleted.
During and after the life of the agreement, Khoros can use aggregated and anonymized data for metrics and reporting purpose. This data does not include any personal information and does not include any information about the customer or the end user.
Data Backup and Restoration
Backups are taken at least every day and every week and are encrypted using AES 256-bit information and are over written every ninety (90) days. Access to the backups is restricted to authorized individuals. Offsite backups are kept in a secure facility. Backups are made daily and weekly. We conduct backup restoration testing every twelve (12) months.
Data Destruction
At the expiration or termination of the agreement, if the customer wishes to have a copy of its data, we securely provide the information to the customer for: (i) Khoros Community content, at one time and at no charge, in a machine-readable format, and at Khoros' option, either in a single data extraction or multiple data extractions; and (ii) all other Khoros Services, customer may download the content itself in a comma separated value (.csv) format. Khoros may provide additional reasonable assistance for data extractions at Khoros’s standard Professional Services rates. The availability of Content for extraction or downloading from certain Services will be limited as described above within the Data Retention section.
The data is made available for 30 days from the agreement expiration or termination, after which time it is deleted in accordance with the above 'Data Retention' Section. The active data bases are also dropped from the production servers as well after the data extraction is transferred to the customer. Once the media used for storage is retired it is scrubbed or destroyed using NIST SP 800-88 guidelines.
View full article