Data Retention and Data Deletion at Unique
- Daylan Araz
1. Purpose
The purpose of this document is to ensure that clients and users understand how Unique manages data retention and deletion. By outlining our standard practices and acknowledging potential customizations, we aim to maintain transparency and meet diverse contractual requirements effectively. This document provides a comprehensive overview of our policies and procedures regarding the retention and deletion of data, focusing on both use cases: chat and recording. While it details our general principles, please note that individual setups may vary based on specific client contracts and needs.
Unique also has a data retention policy in place.
2. Data Retention
2a. Valid for chat and recording use cases
No data is stored with Microsoft Azure Open.AI, and none of the data is used for AI model training or any other neural network training. This ensures that all client data remains secure and private, adhering to our commitment to data protection and confidentiality.
No data is shared in any way with the company Open.AI. The Azure Open.AI model is a model separately deployed within the Azure customer environment, completely separate from public Open.AI services
No data sent to or received from the Azure Open.AI model is stored for human review by Microsoft as we have an opt-out agreement with Microsoft and disabled abuse monitoring.
Logging data will still be available for up to 1 year after contract termination, or longer if legally required for audit purposes.
We are collecting aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business user may need to improve the services in line with the Data Protection Agreement (DPA) and privacy policy. We may collect also Personal data for the following purposes:
To facilitate, operate, enhance, and provide our Services;
To provide our Customers and users with assistance and support;
To gain a better understanding on how individuals use and interact with our Sites and Services, and how we could improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services;
2b. Chat use case only
Data storage and retention for Single Tenants: Data Flow Architecture Diagram - [EXT] UBP @ Unique - Confluence (atlassian.net)
Azure Single Tenant Setup: Microsoft Services
# | Provider | Service | Location | Data | Retention | Encrypted in transit? | Encrypted at rest? |
|---|
# | Provider | Service | Location | Data | Retention | Encrypted in transit? | Encrypted at rest? |
|---|---|---|---|---|---|---|---|
1 | Microsoft Azure | Azure Open AI Cognitive Services | CH |
| In memory processing only for Promts/Completions/Document Texts (opted out of the logging and human review process) Data, privacy, and security for Azure OpenAI Service - Azure AI services | ✅ | n.a. (processing only) |
2 | Microsoft Azure | Azure Open AI Cognitive Services
| Depending on the deployed models and the available region of Microsoft: Azure OpenAI Service models - Azure OpenAI
CH (GPT-4) or SWEDEN (GPT-4o)
|
| In memory processing only for Promts/Completions/Document Chunks (opted out of the logging and human review process) Data, privacy, and security for Azure OpenAI Service - Azure AI services | ✅ | n.a. (processing only) |
3 | Microsoft Azure | Storage Accounts | CH |
| No Minimal storage requirement.
Can be immediately removed on deletion request or soft delete. | ✅ | ✅ |
4 | UNIQUE (Microsoft Azure) | Vector DB (Qdrant) | CH |
| No Minimal storage requirement. Deletion on request. | ✅ | ✅ |
5 | Microsoft Azure | Flexible Postgres Server | CH |
| No Minimal storage requirement. Deletion on request. Backup optional but recommended. Business decision by customer. Back up Azure Database for PostgreSQL - Azure Backup | ✅ | ✅ |
Analytics data: Analytics
Ingestion data: Ingestion
Spaces deletion: https://unique-ch.atlassian.net/wiki/spaces/~6380d17ede5cdaba3a682532/pages/514523152
Role deletion: Roles and Permissions
2c. Valid for recording use cases
2d. Valid for mobile recording
@Irina Bărbos to add
3. Deletion process at Unique
For specific deletion requests not covered in contract or above (e.g. GDPR-related request on personal data deletion), the customer may write an email to Unique CISO (michael@unique.ch) and request the manual deletion. Unique confirms via email once deletion is completed.
3a. Deletion after termination of contract
Unique's standard data retention period is 30 days after the contract is terminated, unless specified otherwise in the client's contract. This applies to all chat and recording data managed by our services.
All data (including access rights) is deleted after the end of the contract.
Files will be available for an additional 30 days after they are deleted to be able to recover them in case of an accidental or malicious delete/overwrite
Unique ensures that all files are erased or anonymized upon final deletion after retention periods expire and that data in databases is not just marked as deleted but deleted from the database upon deletion. This applies to all data stored in Switzerland of the Microsoft Azure Cloud or another chosen location by the client for the duration of the contract or until the user manually deletes the data.
4. Backups
Unique’s databases run automatic backups to ensure rapid restoration of data when needed.
Unique’s backups have a RPO of 24 hours
Backups will be available for an additional 2 weeks after data is deleted (data deletion period is 30 days after contract ends).
Backups will be available for an additional 2 weeks after data is deleted.
5. Encryption in Place
Data in transit between the Unique service and Unique clients is encrypted using TLS 1.2+ protocol.
Encrytion at rest: For the Unique hosted single tenant, Unique lets Azure generate keys which are stored in the Single Tenants own Key Vault. These are HSM-backed (FIPS 140-2 Level 2) 4096 bit RSA keys. The keys are still stored in an Azure Key Vault but managed by Unique. The disks are encrypted with FIPS 140-2 compliant AES256. For Unique hosted multi tenant, Unique uses Microsoft / platform managed encryption keys that are not HSM-backed.
Encryption for Azure Backup: For Azure Backup, all backups are encrypted using customer-managed keys (CMK).
Authors | @Sina Wulfmeyer @Michael Dreher |
|---|---|
Date | Sep 11, 2024 |
Version | v.01 |
© 2024 Unique AG. All rights reserved. Privacy Policy – Terms of Service