Knowledge Base
Data Retention Policy
Data Retention Policy
This Data Retention Policy explains how long Canvass Global retains different types of data, why we retain it, and how we ensure secure deletion when retention periods expire. Understanding our data practices helps you make informed decisions about your participation in our platform.
Effective Date: This policy is effective as of the date you register with Canvass Global and is updated periodically to reflect legal requirements and operational needs.
Policy Overview
Our data retention practices are guided by:
- Legal Compliance: Meeting requirements under GDPR, PIPEDA, and other privacy laws
- Operational Necessity: Retaining data only as long as needed for platform operation
- User Control: Providing users with control over their data
- Security First: Ensuring secure deletion when data is no longer needed
- Transparency: Clear communication about retention periods and practices
Data Categories and Retention Periods
| Data Type | Retention Period | Reason for Retention | Deletion Method |
|---|---|---|---|
| Account Information Name, email, phone, address |
Active account + 3 years after account closure | Service provision, legal compliance, audit requirements | Secure deletion from all systems |
| Camera Registration Data Location, photos, descriptions |
Active account + 1 year after camera removal | Platform operation, law enforcement coordination | Secure deletion including backups |
| Footage Files Video files uploaded by users |
30 days after upload (or case closure) | Law enforcement access, evidence preservation | Cryptographic deletion + secure overwrite |
| Request History Footage requests, responses, metadata |
7 years from request date | Legal compliance, audit trail, dispute resolution | Secure archival then deletion |
| Platform Usage Data Login logs, feature usage, performance |
2 years from collection | Security monitoring, platform improvement | Automated secure deletion |
| Communication Records Messages, support tickets, notifications |
3 years from last activity | Customer service, legal compliance | Secure deletion with audit log |
| Financial Records Payment info, rewards, transaction history |
7 years from transaction | Tax compliance, accounting requirements | Secure archival then deletion |
Detailed Data Categories
Camera Footage
Retention Period: 30 days maximum
Details:
- Footage is automatically deleted 30 days after upload
- Users can request immediate deletion at any time
- If linked to an active case, deletion may be delayed until case closure
- Law enforcement has no independent access beyond user-approved timeframe
- All copies including temporary processing files are deleted
Personal Account Information
Retention Period: 3 years after account closure
Details:
- Basic contact information kept for legal compliance
- Payment information deleted immediately upon request
- Account closure can be requested at any time
- Some information may be retained longer if required by law
Law Enforcement Request Records
Retention Period: 7 years from request date
Details:
- Metadata about requests (who, when, what) kept for audit purposes
- Actual footage files deleted after 30 days
- Required for legal compliance and dispute resolution
- Anonymized after 3 years where legally permissible
Special Circumstances
Legal Holds
In certain situations, normal deletion schedules may be suspended:
- Active Legal Proceedings: Data relevant to ongoing litigation
- Regulatory Investigations: Information subject to government inquiry
- Criminal Cases: Evidence in active criminal investigations
- Dispute Resolution: Data needed to resolve user disputes
Legal Hold Process
When a legal hold is placed, affected users are notified within 30 days (unless prohibited by law). Data is restored to normal deletion schedules once the hold is lifted.
Early Deletion Requests
Users can request early deletion of their data:
- Immediate Deletion: Footage can be deleted anytime before 30-day limit
- Account Closure: All personal data deleted within 90 days
- Partial Deletion: Specific data categories can be removed
- Emergency Deletion: Expedited processing for urgent privacy concerns
Data Deletion Processes
Secure Deletion Standards
- Cryptographic Deletion: Encryption keys destroyed making data unrecoverable
- Physical Overwriting: Multiple-pass overwriting of storage media
- Backup Verification: Confirmation all backup copies are deleted
- Third-Party Systems: Deletion verified across partner systems
- Audit Trail: Documentation of deletion process maintained
Automated Deletion Systems
Our platform uses automated systems to ensure timely deletion:
- Daily scans identify data ready for deletion
- Automated deletion processes run nightly
- Multiple verification checks ensure complete removal
- Audit logs created for all automated deletions
- Manual review required for legal hold exceptions
Geographic Data Considerations
Cross-Border Data Storage
Data may be stored in multiple jurisdictions:
- Primary Storage: Canadian data centers for Canadian users
- Backup Systems: Geographically distributed for redundancy
- Processing Locations: May involve US-based cloud services
- Retention Alignment: Shortest applicable retention period used
Jurisdiction-Specific Requirements
Canada (PIPEDA)
- Personal information retained only as long as necessary
- Secure disposal required when no longer needed
- Users have right to request deletion
European Union (GDPR)
- Right to erasure (“right to be forgotten”)
- Data minimization principle applied
- Explicit consent required for extended retention
United States (State Laws)
- California CCPA deletion rights honored
- State-specific law enforcement data requirements
- Industry-standard deletion practices followed
User Rights and Controls
Your Data Rights
- Access: Request copies of all data we hold about you
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your personal data
- Portability: Export your data in machine-readable format
- Restriction: Limit processing of your personal data
- Objection: Object to certain types of data processing
How to Exercise Your Rights
- Log in to your dashboard and visit “Privacy Settings”
- Use self-service options for immediate actions
- Contact our Privacy Team for complex requests
- Provide verification of identity for security
- Receive confirmation within 30 days
Data Retention Monitoring
Internal Oversight
- Data Protection Officer: Oversees retention policy compliance
- Quarterly Reviews: Regular assessment of retention practices
- Automated Monitoring: Systems track retention periods automatically
- Audit Procedures: Regular internal and external audits
Retention Schedule Updates
This policy may be updated to reflect:
- Changes in legal requirements
- Operational improvements
- Technology upgrades
- User feedback and requests
Notice of Changes: Material changes to retention periods will be communicated to users 30 days before implementation, with options to modify or close accounts if desired.
Contact Information
For questions about our data retention practices:
- Privacy Team: privacy@canvassglobal.com
- Data Protection Officer: dpo@canvassglobal.com
- Phone: 1-800-CANVASS (Privacy Department)
- Mail: Data Protection Officer, Canvass Global, Toronto, ON
Related Compliance
This policy supports our compliance with:
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Provincial privacy legislation
- Industry security standards (SOC 2, ISO 27001)