Data Retention Notice
Last updated: Wednesday, 27th July ’23
Being a provider of the world’s most connected cloud communications platform, Infobip understands that you, as our customer, should be able to choose your own retention rules in accordance with your business needs and applicable legal requirements. At the same time, it is crucial to ensure the personal data we process on your behalf is timely deleted.
Therefore, our data retention practices reaffirm the main principle we apply when we process personal data on your behalf – we keep and delete the data in accordance with what has been agreed with you.
Data stored for you on our platform
When you use our services, we collect the mobile phone number, channel-specific unique IDs, the email address of the person you contact (your end-user), and the content of the communication you send or receive. Also, in our customer-facing repositories, you will find logs, reports, and analytics about the communications you send and receive.
We also keep on your behalf the data you store in People (customer data platform), Knowledge Base, and other similar databases, as well as the voice and video recordings you create.
Default retention periods
Unless otherwise agreed with you, we will implement the following default retention rules to ensure your data are kept no longer than necessary:
| Data | Deletion trigger | Default retention period after deletion triggered |
|---|---|---|
| Communication content | Date the conversation or chat started | 6 months (Answers and Conversations) |
| Communication content | Date of communication | 3 months (CPaaS services) |
| Associated communication logs and reports with details about your communication with message text and traffic data* | Date the conversation or chat started | 6 months (Answers and Conversations) |
| Associated communication logs and reports with details about your communication with message text and traffic data* | Date of communication | 3 months (CPaaS services) |
| Communication campaigns in Flow and Broadcast | Termination of communication campaign | 3 months |
| Media (images, audio files, or other attachments) received via OTT channels | Date of communication | 30 days |
| Advanced analytics in Conversations, Moments, and Answers | Date of communication | 6 months |
| Data stored in People, Knowledge Base, and other databases on behalf of our customers | Contract termination or 18 month inactivity | 30 days |
| Voice and video recordings | Contract termination or 18 month inactivity | 30 days |
| Email content | Date of communication (SMTP API) | 7 days |
| Email content | Date of communication (HTTP API) | 2 days (if send at feature used, countdown starts at send at date) |
| Email attachments and inline media that are received and sent | Date of communication with the end user | 1 year (Answers and Conversations) |
*Traffic data: information about the routing, duration or timing of the communication, and communication’s source and destination such as a mobile phone number or an e-mail address.
Customised retention
If your business needs require retention periods that differ from our default rules, we give you the possibility to customise the default retention period. While a request to decrease the retention period is free of charge, a request to extend it implies additional costs.
If you want to make any changes to the default retention periods, please contact your sales representative or our support team. They will be glad to help you.
You can export your data
We want to remark that you can export the logs and reports with details about your communication with message text and traffic data from the customer-facing tools following the features available for the product you use.
Our purposes
We use traffic data and communication detail records (CDRs) for our own purposes as well, such as billing, settling interconnection payments, dispute resolution, and anti-fraud/anti-spam purposes. These data also include your end users’ phone numbers or email addresses.
The personal data within the traffic data and CDRs (such as your end-users’ phone number or email address) are deleted or anonymized after 12 months unless applicable laws require longer retention.
All details about Infobip’s processing activities, including traffic data and CDRs processing, can be found in our Privacy Notice.
