# Unberry - Data Retention & Deletion Policy
| Document Information | |
|---------------------|---|
| **Effective Date** | December 30, 2025 |
| **Version** | 1.0 |
| **Classification** | Internal / Confidential |
| **Applies To** | Unberry ATS, Assessments, Automated & AI Interviews |
| **Deployment Model** | SaaS (AWS - India Region: ap-south-1) |
| **Last Reviewed** | December 30, 2025 |
| **Next Review Date** | December 30, 2026 |
| **Policy Owner** | Kumar Shubham |
| **Approved By** | [CTO/CISO Name] |
---
## 1. Purpose
This policy defines how Unberry retains, secures, and deletes customer and candidate data in alignment with security, privacy, and operational requirements. It establishes standardized retention periods for different data categories and outlines procedures for secure data deletion.
### 1.1 Scope
This policy applies to:
- All data processed by the Unberry ATS platform
- Assessment and interview data (automated & AI-assisted)
- Data stored in production, staging, and backup environments
- Data processed by third-party integrations
### 1.2 Objectives
- Ensure compliance with regulatory and contractual obligations
- Minimize data exposure by retaining only necessary data
- Establish clear procedures for data deletion requests
- Maintain an audit trail for data lifecycle management
---
## 2. Data Categories & Retention Schedule
### 2.1 Candidate & Interview Data
| Data Type | Description | Retention Period | Storage Location | Encryption |
|-----------|-------------|------------------|------------------|------------|
| Interview Recordings | Audio, video, screen captures | **3 months** from interview date | AWS S3 (ap-south-1) | AES-256 at rest, TLS 1.2+ in transit |
| AI Interview Responses | Transcripts, AI-generated analysis | Duration of hiring workflow + client account lifecycle | MongoDB Atlas | Encrypted at rest |
| Proctoring Artifacts | Snapshots, event logs, violation flags | **3 months** or until investigation complete | AWS S3 (ap-south-1) | AES-256 at rest |
| Assessment Results | Scores, trait analysis, cognitive scores | Client account lifecycle | MongoDB Atlas | Encrypted at rest |
**Automatic Purge:** Interview recordings and proctoring artifacts are automatically purged after the defined retention period via S3 lifecycle policies.
### 2.2 ATS & Application Data
| Data Type | Description | Retention Period | Deletion Trigger |
|-----------|-------------|------------------|------------------|
| Candidate Profiles | Name, email, phone, resume, work history | Active client account + 30 days | Account termination or deletion request |
| Job Applications | Application status, stage history, notes | Active client account | Account termination |
| Resumes & Documents | Uploaded PDF/DOC files | Active client account | Account termination or candidate request |
| Interviewer Feedback | Ratings, comments, scorecards | Active client account | Account termination |
| Offer Letters | Generated offer documents | Active client account + regulatory period | As per client policy |
**Note:** Upon client account termination or written request, data is securely deleted or exported as requested within the timeframes specified in Section 3.2.
### 2.3 System Logs & Audit Data
| Log Type | Description | Retention Period | Access Control |
|----------|-------------|------------------|----------------|
| Application Logs | API requests, errors, performance metrics | **90 days** | Role-based (DevOps, Engineering) |
| Access Logs | User authentication, session events | **1 year** | Role-based (Security, Compliance) |
| Security Logs | Failed logins, suspicious activity, alerts | **1 year** | Restricted (Security Team) |
| Audit Logs | Data modifications, admin actions | **7 years** | Restricted (Compliance) |
| CloudWatch Logs | Infrastructure monitoring | **90 days** | Role-based (DevOps) |
**Log Sanitization:** Logs are configured to exclude Personally Identifiable Information (PII). Sensitive fields (authorization headers, tokens) are redacted before logging.
### 2.4 Database Backups & Recovery Data
| Backup Type | Frequency | Retention Period | Encryption | Storage Location |
|-------------|-----------|------------------|------------|------------------|
| MongoDB Atlas Automated Backups | Continuous (point-in-time) | **7 days** | AWS KMS | ap-south-1 (Mumbai) |
| Daily Snapshots | Daily | **7 days** | AWS KMS | ap-south-1 (Mumbai) |
| Weekly Snapshots | Weekly | **4 weeks** | AWS KMS | ap-south-1 (Mumbai) |
| Disaster Recovery Backup | Weekly | **30 days** | AWS KMS | ap-south-1 (Mumbai) |
**Data Residency:** All backups and snapshots are stored within the AWS India region (ap-south-1) to maintain data residency requirements.
---
## 3. Data Deletion Procedures
### 3.1 Routine Automated Deletion
The following data is automatically deleted based on configured retention policies:
| Data Type | Mechanism | Schedule |
|-----------|-----------|----------|
| Interview Recordings | S3 Lifecycle Policy | 90 days after creation |
| Proctoring Artifacts | S3 Lifecycle Policy | 90 days after creation |
| Application Logs | CloudWatch Retention | 90 days |
| Expired Sessions | MongoDB TTL Index | Immediate upon expiry |
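
One way to verify the S3 rows of this table, as an added example (not Unberry's own tooling): the script checks a lifecycle configuration, in the shape returned by the S3 `GetBucketLifecycleConfiguration` API, against the 90-day schedule. The prefixes `recordings/` and `proctoring/`, the sample configuration and the assumption that the bucket is versioned are constructed for illustration. On a versioned bucket, `Expiration` only adds a delete marker, so the check also requires a `NoncurrentVersionExpiration` rule.

```python
# Assumed prefixes; the policy names the data types, not the key layout.
REQUIRED = {"recordings/": 90, "proctoring/": 90}

# Constructed sample in the shape of GetBucketLifecycleConfiguration output.
SAMPLE = {"Rules": [
    {"ID": "rec", "Status": "Enabled", "Filter": {"Prefix": "recordings/"},
     "Expiration": {"Days": 90},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 1}},
    {"ID": "proc", "Status": "Enabled", "Filter": {"Prefix": "proctoring/"},
     "Expiration": {"Days": 180}},
    {"ID": "old", "Status": "Disabled", "Filter": {"Prefix": "proctoring/"},
     "Expiration": {"Days": 90}},
]}


def rule_prefix(rule):
    """Return the prefix a rule covers, or None if tags or size narrow it."""
    flt = rule.get("Filter")
    if flt is None:
        return rule.get("Prefix")      # legacy top-level Prefix form
    if set(flt) - {"Prefix"}:
        return None                    # And/Tag/size filters skip some objects
    return flt.get("Prefix", "")       # empty filter covers the whole bucket


def audit(config, required=REQUIRED, versioned=True):
    """Return a sorted list of findings; an empty list means compliant."""
    findings = []
    for prefix, max_days in required.items():
        # Only enabled rules whose prefix leads `prefix` cover every key under it.
        rules = [r for r in config.get("Rules", [])
                 if r.get("Status") == "Enabled"
                 and (p := rule_prefix(r)) is not None and prefix.startswith(p)]
        days = [r["Expiration"]["Days"] for r in rules
                if "Days" in r.get("Expiration", {})]
        if not days:
            findings.append(f"{prefix}: no enabled expiration rule")
        elif min(days) > max_days:
            findings.append(f"{prefix}: expires after {min(days)}d, policy allows {max_days}d")
        # On a versioned bucket, Expiration only adds a delete marker.
        if versioned and not any("NoncurrentVersionExpiration" in r for r in rules):
            findings.append(f"{prefix}: noncurrent versions never expire")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
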
### 3.2 Client-Initiated Deletion
Clients may request deletion or export of their data at any time through the following channels:
| Request Type | Method | Processing Time |
|--------------|--------|-----------------|
| Data Export | Client Admin Portal or Support Request | 5-10 business days |
| Account Termination | Written request to support | 30 business days |
| Specific Data Deletion | Support ticket | 10 business days |
**Process:**
1. Client submits request via authorized channel
2. Request validated against authorized contacts list
3. Data identified and scope confirmed
4. Deletion executed across primary and backup systems
5. Confirmation provided to client with deletion certificate
### 3.3 Candidate Data Subject Requests
Candidate data deletion requests (e.g., GDPR Article 17 "Right to Erasure") are processed as follows:
| Request Source | Processing |
|----------------|------------|
| Via Client | Client forwards request; Unberry executes deletion |
| Direct to Unberry | Unberry notifies client; deletion executed upon client approval |
**Scope of Deletion:**
- Candidate profile data
- Resume and uploaded documents
- Assessment results and scores
- Interview recordings and transcripts
- Application history
**Exceptions:** Data may be retained if required for legal holds or ongoing investigations (see Section 6).
### 3.4 Deletion Verification
| Step | Description |
|------|-------------|
| Primary Deletion | Data removed from production databases |
| Backup Propagation | Backups containing deleted data expire per retention schedule |
| Audit Log | Deletion event logged with timestamp, user, and scope |
| Confirmation | Deletion certificate generated upon request |
---
## 4. AI & Third-Party Data Processing
### 4.1 AI Services
| Service | Provider | Purpose | Data Retention |
|---------|----------|---------|----------------|
| ChatGPT/GPT-4 | OpenAI | Candidate profiling, analysis | **Stateless** - No retention by provider |
| Transcription | Azure Speech Services | Interview transcription | **Stateless** - No retention by provider |
| Resume Parsing | Internal Service | Resume data extraction | Retained per candidate data policy |
**Key Controls:**
- AI services are used only for scoped processing (transcription, analysis, profiling)
- Candidate data is **not used to train third-party models**
- Processing is stateless where possible; data is not retained beyond defined workflows
- Only anonymized scores are sent to external AI APIs (no PII)
### 4.2 Third-Party Integrations
| Integration | Data Shared | Retention by Third Party |
|-------------|-------------|--------------------------|
| Calendar (Google/Outlook) | Interview schedule metadata | Per provider policy |
| Video Conferencing (Zoom) | Meeting links only | Per provider policy |
| Email Services (AWS SES) | Transactional emails | 30 days (delivery logs only) |
---
## 5. Security Controls
### 5.1 Encryption
| State | Method | Key Management |
|-------|--------|----------------|
| At Rest (S3) | AES-256 (SSE-S3 or SSE-KMS) | AWS KMS |
| At Rest (MongoDB) | AES-256 | MongoDB Atlas Encryption |
| In Transit | TLS 1.2+ | AWS Certificate Manager |
| Backups | AES-256 | AWS KMS |
### 5.2 Access Controls
| Control | Implementation |
|---------|----------------|
| Database Access | VPN + IP Whitelisting + MFA |
| Production Systems | Role-based access (RBAC) |
| Backup Access | Restricted to authorized personnel |
| Log Access | Role-based, audit logged |
### 5.3 Data Segregation
- Multi-tenant architecture with logical segregation via `companyId`
- All database queries are filtered by the authenticated user's company context
- No cross-tenant data access is possible at the application level
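
A sketch of how the `companyId` filter described above can be enforced and tested, as an added example (not Unberry's code). The functions `scoped_naive`, `scoped`, `matches` and `find` and the sample documents are hypothetical; `matches` is a minimal stand-in for MongoDB filter evaluation that supports equality, `$and` and `$or` only.

```python
# Constructed sample documents for two tenants.
DOCS = [
    {"_id": 1, "companyId": "acme", "name": "A. Rao"},
    {"_id": 2, "companyId": "globex", "name": "B. Singh"},
]


def matches(doc, flt):
    """Minimal stand-in for MongoDB matching: equality, $and, $or only."""
    for key, cond in flt.items():
        if key == "$and":
            ok = all(matches(doc, f) for f in cond)
        elif key == "$or":
            ok = any(matches(doc, f) for f in cond)
        else:
            ok = doc.get(key) == cond
        if not ok:
            return False
    return True


def scoped_naive(company_id, client_filter):
    """Weak form: a client-supplied companyId key overrides the tenant scope."""
    return {"companyId": company_id, **client_filter}


def scoped(company_id, client_filter):
    """Hardened form: the scope comes from the session and is ANDed on."""
    # Require a plain string so an operator object cannot stand in for the id.
    if not isinstance(company_id, str) or not company_id:
        raise PermissionError("no authenticated company context")
    return {"$and": [{"companyId": company_id}, client_filter]}


def find(flt):
    """Return the _id of every sample document the filter matches."""
    return [d["_id"] for d in DOCS if matches(d, flt)]
```
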
---
## 6. Exceptions & Legal Holds
Data may be retained beyond standard retention periods only in the following circumstances:
| Exception | Authority | Duration |
|-----------|-----------|----------|
| Legal/Regulatory Obligation | Legal Counsel | As required by law |
| Active Litigation | Legal Counsel | Until litigation resolved |
| Fraud/Abuse Investigation | Security Team | Until investigation complete |
| Security Incident | Security Team | Until incident resolved + 1 year |
| Explicit Client Request | Client (written) | As specified in request |
**Legal Hold Process:**
1. Legal/Security team identifies data subject to hold
2. Automated deletion suspended for identified data
3. Hold documented with scope, reason, and expected duration
4. Hold lifted and normal retention resumes upon resolution
---
## 7. Compliance Alignment
Unberry's data retention practices are governed by the following frameworks:
| Framework | Status | Evidence |
|-----------|--------|----------|
| SOC 2 Type II | ✅ Certified | Annual audit report available |
| GDPR | ✅ Compliant | DPA available upon request |
| Internal ISMS | ✅ Implemented | Information Security Management System |
| ISO 27001 | 🔄 In Progress | Certification planned |
### 7.1 Contractual Obligations
- Data Protection Agreements (DPAs) executed with enterprise clients
- Retention terms may be customized per client contract
- Client-specific requirements take precedence where more restrictive
---
## 8. Roles & Responsibilities
| Role | Responsibility |
|------|----------------|
| **Data Protection Officer** | Policy oversight, compliance monitoring |
| **Engineering Team** | Implementation of retention mechanisms |
| **DevOps Team** | Backup management, log retention configuration |
| **Security Team** | Access control, audit, legal hold management |
| **Support Team** | Processing deletion/export requests |
| **Legal/Compliance** | Regulatory guidance, legal hold authority |
---
## 9. Policy Review & Updates
| Aspect | Frequency |
|--------|-----------|
| Policy Review | Annual (or upon significant change) |
| Retention Schedule Review | Annual |
| Compliance Audit | Annual (SOC 2) |
| Technical Controls Verification | Quarterly |
---
## 10. Document History
| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | December 30, 2025 | Kumar Shubham | Initial version |
---
## Appendix A: Retention Summary Table
| Data Category | Retention Period | Auto-Delete | Encryption |
|---------------|------------------|-------------|------------|
| Interview Recordings | 3 months | ✅ Yes | ✅ AES-256 |
| Proctoring Artifacts | 3 months | ✅ Yes | ✅ AES-256 |
| Candidate Profiles | Account lifecycle | ❌ On request | ✅ Yes |
| Assessment Results | Account lifecycle | ❌ On request | ✅ Yes |
| Application Logs | 90 days | ✅ Yes | ✅ Yes |
| Audit Logs | 7 years | ❌ Manual | ✅ Yes |
| Database Backups | 7-30 days | ✅ Yes | ✅ KMS |
---
## Appendix B: Related Documents
- [Access Review Report](./ACCESS_REVIEW_REPORT.md)
- [Incident Response Procedure](./INCIDENT_RESPONSE_PROCEDURE.md)
- [Logical Segregation Architecture](./LOGICAL_SEGREGATION_ARCHITECTURE.md)
- [AI/ML Use Register](./AI_ML_USE_REGISTER.md)
---
*This document is confidential and intended for internal use and authorized external parties (e.g., auditors, enterprise clients) only.*
---