Data and Log Retention Policy
ConvertAPI service records small amount of data about the operation and/or use of its services and stores this data for 90 days. Submitted personal data/source files and the generated/destination files are kept only for the time necessary to efficiently process your requests. The records are considered confidential. ConvertAPI team takes active measures to prevent unauthorized access during this retention period.
In setting the retention period, ConvertAPI team has weighed a variety of competing interests. Chief among them are the need to:
- Maintain robust operational reliability of ConvertAPI network
- Respond to third parties who report issues that require investigation or resolution
- Limit log retention to reduce opportunities for inadvertent disclosure of operational data.
The following principles help guide ConvertAPI retention and stewardship of retained records:
- Minimize retention periods to protect the privacy of our community.
- Maintain appropriate retention periods to ensure the support, operations, and security of the ConvertAPI environment.
- Distribute retention across primary and secondary storage to ensure resilient and efficient use of resources when storing records.
- Narrowly restrict record access to two-factor authentication to IT staff with appropriate operational roles.
- Leverage Office of General Counsel to determine when it is appropriate to share data beyond ConvertAPI or preserve data in response to litigation or law enforcement requests.
Circumstances may arise in which specific data is kept for longer than 90 days and potentially disclosed to certain third parties. The use of any such retained data by authorized staff, and the release of any log information to third parties, are done under the direction and with the approval of ConvertAPI Office of the General Counsel.
Cloud services and IT services operated by providers beyond ConvertAPI may have record retention periods that exist beyond the scope and control of this policy.