Data retention policy
CII retains Customer Data for Ninety (90) calendar days or until the Customer Owner requests disposal, whichever is earliest.
Data archiving and removal policy
Data disposal entails first destroying the AES-256 encryption keys used for data access, rendering the stored data unusable. This encrypted data is then deleted.
Data storage policy
All sensitive data classified according to CII's Data Classification policy is encrypted at rest and in transit using strong, industry-recommended algorithms. Encryption at rest is used across multiple systems and layers of the stack including file systems, file object stores, databases, third-party SaaS services, and directly in CII's own developed components. Encryption in motion is primarily achieved through the use of Transport Layer Security (TLS), but may include other secure protocols.
Data center location(s)
Australia
Data hosting details
Hosted on AWS ap-southeast-2 (Sydney)
App/service has sub-processors
no
App/service uses large language models (LLM)
no