Data Retention Policy
Explains how long we store different types of data and when we delete or anonymize them.
Last updated: May 16, 2025
1. Purpose
This Data Retention Policy outlines Face2Face’s practices for retaining personal data, balancing operational needs, legal obligations, and GDPR compliance (storage limitation principle).
2. Scope
This policy applies to all personal data processed by Face2Face, covering both our internal operations (as Controller) and data processed on behalf of customers (as Processor).
3. Retention Schedule
Data Category | Example Data Types | Retention Period | Reason |
Marketing | Email addresses, names | Until unsubscribe | Consent |
Billing & Payments | Billing addresses, payment information | 7 years | Legal Obligation |
Customer Support | Names, emails, support communications | 2 years after resolution | Contract |
Website Analytics | IP addresses, browser/device data | 24 months | Legitimate Interest |
Recruitment | Resumes, emails, LinkedIn profiles | 6 months | Legitimate Interest, Consent |
Call Recordings | Audio/video recordings, participant metadata | Customer-defined; default 30 days | Contract |
User Interaction Logs | Session data, event tracking, metadata | Pricing-dependent; default 24 months | Contract, Legitimate Interest |
Error Logs | Error reports, session identifiers | 12 months | Legitimate Interest |
Authentication Data | Email addresses, hashed passwords | Until account deletion | Contract |
4. Data Deletion & Anonymization
Upon retention period expiry or service cancellation, Face2Face maintains customer data for 90 days before performing secure deletion. During this retention window, customers should request any necessary data exports, as the data becomes non-retrievable after deletion. Face2Face retains certain anonymized usage data and metrics for analytical purposes, with all personal identifiers removed in compliance with privacy regulations.
4.1 Inactive Visitor Data
To optimize platform performance and data minimization principles, Face2Face reserves the right to delete data associated with inactive visitors (defined as visitors who have not placed any calls and have not visited the customer's website more than twice) after 30 days of inactivity, unless otherwise specified in the customer's service agreement. Customers requiring extended retention of inactive visitor data should specify this requirement in their service agreement.
5. Responsibilities
The Privacy Lead, Nick Tomic, is responsible for overseeing adherence to this policy and conducting annual reviews to maintain compliance and address evolving operational needs or regulatory requirements.
6. Contact
If you have questions regarding our data retention practices, please contact:
Nick Tomic
Privacy Lead, Face2Face
Last updated on May 16, 2025