Data retention policy
Bitglass only stores and maintains the metadata used for logging purposes. This data is kept in active logs within the Bitglass portal for 30 days after which they are backed up to S3 encrypted backups. These backups are stored and kept for 7 years per HIPAA compliance. Data can be deleted upon request/contract termination.
Data archiving and removal policy
Metadata (including IP location, user name, time, filenames, applications, URL, device type etc.) is stored in customer isolated encrypted archives for 7 years for compliance purposes. Customers can optionally opt-out of data archival and request for a deletion of the data.
Cloud API file metadata is archived through backups to customer isolated encrypted stores.
Local Admin and User data, Key vaults, Encrypted Application data and metadata are archived through database backups to encrypted stores. Customers can request for a deletion of this data.
Data can also be deleted upon contract termination.
Bitglass utilizes AWS for media destruction and decommissioning of devices that contain data noted above. AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
Data storage policy
Metadata (including IP location, user name, time, filenames, applications, URL, device type etc.) is stored for 30 days for logging purposes (used in Admin logs, Proxy access logs, Cloud API audit logs, and analytics meta-data).
Cloud API file metadata is stored in customer isolated DB and read-replicas.
Payload data. e.g. email contents, attachments, files, API data fields, etc. is only temporarily stored on encrypted volumes during processing and deleted instantly.
Local Admin and User data, (e.g. Active Directory members and groups synced to Bitglass) is stored in a shared primary DB and read-replicas.
Key vaults (Master Keys on AWS Key Management Service) are stored in an encrypted DB and read-replicas.
Encrypted Application data and metadata are stored encrypted in a shared primary DB and read-replicas.
App/service has sub-processors
no