📔
Aude Product Documentation
  • Welcome to Aude
    • Why Continuous Performance Management?
  • Goals
    • Introduction
    • Personal Development Goals
    • Performance Categories
      • Microsoft's Growth Mindset Principles
      • Google's Ten things we know to be true
      • Amazon's Leadership Principles
      • Engineering Excellence
    • Defining Effective Goals and Criteria
  • Managing Aude
    • User Management
      • Managing Users
      • User Roles
    • Team Management
      • Creating and Managing Teams
    • Managing Data Sources
      • Data Sources & Integration Setup
      • Issue Tracking
        • Jira
      • Source Control
        • Github
      • Knowledge Management
        • Confluence
      • Messaging
        • Slack
          • Managing the Aude for Slack App
  • Onboarding
    • Building Better Engineering Teams Together
    • Getting Started with Aude
      • Connecting Your Engineering Tools
      • Connecting GitHub
      • Connecting Slack
      • Connecting Jira and Confluence
      • Define Your Leadership Principles
      • Invite Users
      • Setting Up Your Teams
      • Calibrating Your Performance Insights
      • Connecting GitLab (Installation Guide)
  • Information Security
    • Aude Data Retention Policy
    • Aude Service Level Agreement
    • Aude Data Portability Policy
    • Aude Data Protection Policy
Powered by GitBook
On this page
  1. Information Security

Aude Data Retention Policy

  1. Purpose: This policy outlines Aude's procedures for retaining and disposing of customer data to ensure proper data management throughout the customer lifecycle.

  2. Scope: This policy applies to all data collected through Aude's performance management platform, including but not limited to:

    1. Engineering Activity Data

      1. GitHub/GitLab data: Pull requests, code reviews, commit messages

      2. Jira data: Ticket activity, assignments, comments

      3. Confluence data: Document contributions and edits

      4. Slack data: Messages and interactions in work-related channels

    2. Performance Management Data

      1. Goals and objectives

      2. Performance evaluations

      3. 1:1 meeting notes

    3. Feedback records

      1. Organizational Data

      2. Team structure and reporting relationships

      3. Role/title information

      4. Employee identifiers

  3. Data Retention Periods

    1. Active Customers

      1. All customer data is retained for the duration of the active business relationship

      2. Data is maintained and accessible throughout the service period

    2. Design Partners

      1. Data is retained for the duration of the design partner program

      2. Upon program completion, data is retained for 30 days unless converted to a paid customer

    3. Trial/Evaluation Users

      1. Data is retained for the duration of the trial period plus 30 days

      2. If not converted to a paid customer, data is purged after the 30-day grace period

  4. Data Deletion Process: Upon service termination or end of relationship:

    1. Customer receives notification of impending data deletion

    2. 30-day grace period begins

    3. Option to export data is provided

    4. After grace period, automatic purge process begins

  5. Data Purge Process

    1. All customer data is deleted from production systems

    2. Backup data is removed according to backup rotation schedule

    3. No customer data is retained beyond 90 days post-termination

  6. Customer Rights and Responsibilities

    1. Customers may request data export during active service period

    2. Early data deletion requests will be honored upon written or email confirmation

    3. Customers are responsible for extracting any desired data before the end of the grace period

  7. Compliance and Verification

    1. Audit Logs

      1. Audit logs record all data deletion events including:

        1. Date and time of deletion request

        2. Customer identifier

        3. Data categories deleted

        4. Verification of successful deletion

        5. Personnel who executed the deletion

        6. Method of deletion

      2. Audit logs are retained for 2 years after deletion

      3. Logs are encrypted and accessible only to authorized personnel

    2. Compliance with Data Protection Regulations

      1. GDPR Compliance

        1. Right to erasure ("right to be forgotten") honored upon request

        2. Data minimization principles followed

        3. Processing records maintained as required

        4. Data transfer mechanisms compliant with EU requirements

        5. CCPA Compliance

          1. Consumer deletion requests honored within 45 days

          2. Verification process for deletion requests

          3. Records of deletion requests maintained

        6. General Data Protection:

          1. Regular security assessments conducted

          2. Data processing agreements with subprocessors maintained

          3. Privacy impact assessments performed for new features

          4. Employee training on data protection requirements

          5. Incident response procedures in place

    3. Verification Process

      1. Customer can request written verification of deletion

      2. Deletion certificate provided including:

        1. Confirmation of data categories deleted

        2. Date of deletion

        3. Verification of completion

        4. Signed by authorized Aude representative

PreviousConnecting GitLab (Installation Guide)NextAude Service Level Agreement

Last updated 6 months ago