Data retention policy
Envoy customers have options when it comes to what sign-in data they retain from employees and visitors.
By default, Envoy stores visitors’ responses to your sign-in and purges employees’ responses to your Protect health check. Companies on Premium and Enterprise plans can choose to save or purge the responses to both their visitor sign-in and employee health check. Retention settings can also be managed on a question by question basis for additional flexibility.
When responses are purged, the responses will be sent to Envoy’s server to determine if that person is approved or denied entry. This occurs in sub-seconds and then the data is deleted and not saved to our database. We run periodic jobs to ensure all data, except for the screening result (approved or denied) is deleted within 24 hours on all of Envoy’s databases.
Any visitor and employee sign-in data that is saved to Envoy based on your retention settings can be purged upon explicit request. This includes, sign-in and sign-out time for each entry, all information provided in the sign-in fields, private notes, visitor photos, and signed documents. Envoy may retain data not related to sign-ins like account settings, user profiles, and location details, for up to 30 days after the termination of the contract.
For more detailed information about how Envoy handles visitor data, please refer to this article:
https://envoy.help/en/articles/3444479-about-visitor-data#:~:text=All%20of%20your%20visitor%20data%20is%20stored%20indefinitely%20while%20you,delete%20or%20destroy%20your%20data Data archiving and removal policy
We only delete or purge data upon explicit request. Customer data is available for download as a CSV file through the dashboard or via our API. Data can be anonymized, which removes all personally identifiable information from your Visitor Log, upon request. Envoy may retain customer data for up to 30 days after the termination of the contract.
Data storage policy
When your iPad or mobile device is connected to a network, data syncs to Envoy automatically, and all records are stored in Envoy’s database. Backups are taken every day and stored off-site in either the AWS US-East-1 data center in Virginia, US-West-1 data center in California, or US-West-2 data center in Oregon. AWS oversees the physical security of these facilities and tightly controls who has access.
Data center location(s)
United States
App/service has sub-processors
yes
Guidelines for sub-processors