How Vaxini retains data we collect
Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in anonymized form. Read about how Vaxini anonymizes data.
Information retained until you remove it
We offer a range of services that allow you to correct or delete data stored in your Vaxini Account. For example, you can:
- Edit your personal info
- Delete items from your timeline
- Delete content like jab information and immunization documents
- Remove jabs, users, administrators or pictures from your Vaxini Account
- Delete your Vaxini Account entirely
We’ll keep this data in your Vaxini Account until you choose to remove it. And if you use our services without signing in to a Vaxini Account, we also offer you the ability to delete some information linked to what you use to access our services, like a device, browser or app.
Data that expires after a specific period of time
In some cases, rather than provide a way to delete data, we store it for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. For example, to ensure that our services work properly on many different types of devices, we may retain the requests of your devices to our service for up to 12 months in our log files, after which those files will be automatically and irreversibly deleted. We also take steps to delete certain data within set time periods. For example, we delete cached information on our Vaxini app after 7 days. Other pieces of information like cookies indicating your language preference for our website are deleted after one year, session information are deleted after you close your browser, and so on. Identity tokens you get to interact with our backend services are voided after you close your app. Links you might request for resetting your credentials also are invalidated after 24 hours.
Information retained until your Vaxini Account is deleted
We keep some data for the life of your Vaxini Account if it’s useful for helping us understand how users interact with our features and how we can improve our services. For example, after you delete a specific Vaxini record from your timeline, we might keep information about how often you search for things or open your application, but not what you searched for. When you delete your Vaxini Account, this information is also removed.
Information retained for extended time periods for limited purposes
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when Vaxini processes a payment for you, or when you make a payment to Vaxini, we’ll retain this data for longer periods of time as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:
- Security, fraud & abuse prevention
- Financial record-keeping
- Complying with legal or regulatory requirements
- Ensuring the continuity of our services
- Direct communications with Vaxini
Enabling safe and complete deletion
When you delete data in your Vaxini account, we immediately start the process of removing it from the product and our systems. First, we aim to immediately remove it from view and the data may no longer be used to personalize your Vaxini experience. For example, if you delete a jab you registered for one user profile from your timeline, Vaxini will immediately stop showing that entry in your immunization status.
We then begin a process designed to safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind. This process generally takes around 12 months from the time of deletion. This often includes up to a two-month-long recovery period in case the data was removed unintentionally.
Each Vaxini storage system from which data gets deleted has its own detailed process for safe and complete deletion. This might involve repeated passes through the system to confirm all data has been deleted, or brief delays to allow for recovery from mistakes. As a result, deletion could sometimes take longer when extra time is needed to safely and completely delete the data.
Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to 24 months.
As with any deletion process, things like routine maintenance, unexpected outages, bugs, or failures in our protocols may cause delays in the processes and timeframes defined in this article. We maintain systems designed to detect and remediate such issues.