Customer data is retained for the duration of the customer’s contract with Lithium, unless otherwise instructed by the customer. When the contract ends, Lithium Support contacts the customer to offer data return. Then, after the data has been returned or declined by the customer, the data is deleted. Deletion occurs within thirty days with the following exceptions:
During and after the life of the contract, Lithium can use aggregated and anonymized data for metrics and reporting purpose. This data does not include any personal information nor any information about the customer or the end user.
Data Backup and Restoration
Information on backup tapes is encrypted using AES 256-bit information and tapes are over written every ninety (90) days. Access to the backup tapes is restricted to authorized individuals. Offsite tapes are kept in a secure facility. Backups are made daily and full backups weekly. We conduct backup restoration testing every six (6) months, in January and July.
When the contract ends, if the customer wishes to have a copy of the data, we provide the information to the customer in an XML format via our secure SFTP servers. The information on the SFTP servers remain intact for 30 days after which time it is deleted, unless otherwise instructed by the customer. The active data bases are also dropped from the production servers as well after the XML extraction is transferred to the customer.
After the media used for storage is retired, it is scrubbed or destroyed using NIST SP 800-88 guidelines.