Unique AI Documentation

Data Retention and Data Deletion at Unique

3 min read

Purpose

The purpose of this document is to ensure that clients and users understand how Unique manages data retention and deletion. By outlining our standard practices and acknowledging potential customizations, we aim to maintain transparency and meet diverse contractual requirements effectively. This document provides a comprehensive overview of our policies and procedures regarding the retention and deletion of data. While it details our general principles, please note that individual setups may vary based on specific client contracts and needs.

info

This applies to Unique hosted deployments only.

Data Retention

  • None of the data is used for AI model training or any other neural network training. This ensures that all client data remains secure and private, adhering to our commitment to data protection and confidentiality.

  • No data is shared in any way with OpenAI. The Azure OpenAI models are separately deployed within the Azure customer environment, completely separate from public OpenAI services.

  • No data sent to or received from the Azure OpenAI model is stored for human review by Microsoft as we have an opt-out agreement with Microsoft and disabled abuse monitoring.

  • Logging data will still be available for up to 1 year after contract termination, or longer if legally required for audit purposes.

  • We are collecting aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business user may need to improve the services in line with the Data Protection Agreement (DPA) and privacy policy. We may collect also Personal data for the following purposes:

    • To facilitate, operate, enhance, and provide our Services;

    • To provide our Customers and users with assistance and support;

    • To gain a better understanding on how individuals use and interact with our Sites and Services, and how we could improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services;

Data storage and retention for Single Tenants:

Azure Single Tenant Setup: Microsoft Services

Service

Data

Retention

Encrypted in transit

Encrypted at rest

Azure OpenAI Cognitive Services

  • Documents

  • In memory processing only → no storage

  • (Opt-out logging & human review)

n.a. (processing only)

Azure OpenAI Cognitive Services

 

  • Prompts & Answers

In memory processing only for → no storage

(Opt-out logging & human review)

n.a. (processing only)

Storage Accounts

  • Documents

  • No Minimal storage requirement.

  • Deletion on request.

Vector DB (Qdrant)

  • Embedding vectors (for each document text)

  • No Minimal storage requirement.

  • Deletion on request.

Flexible Postgres Server

  • Prompts & answers

  • Document texts

  • No Minimal storage requirement.

  • Deletion on request.

Deletion process at Unique

  • For specific deletion requests not covered in contract or above (e.g. GDPR-related request on personal data deletion), the customer may write an email to our Security & Compliance Team and request the manual deletion. Unique confirms via email once deletion is completed.

Deletion after termination of contract

  • Unique's standard data retention period is 30 days after the contract is terminated, unless specified otherwise in the client's contract.

  • All data (including access rights) is deleted after the end of the contract.

  • Files will be available for an additional 30 days after they are deleted to be able to recover them in case of an accidental or malicious delete/overwrite

  • Unique ensures that all files are erased or anonymized upon final deletion after retention periods expire and that data in databases is not just marked as deleted but deleted from the database upon deletion. This applies to all data stored in Switzerland of the Microsoft Azure Cloud or another chosen location by the client for the duration of the contract or until the user manually deletes the data.

Backups

  • Unique’s databases run automatic backups to ensure rapid restoration of data when needed.

  • Unique’s backups have a RPO of 24 hours

  • Backups will be available for an additional 2 weeks after data is deleted (data deletion period is 30 days after contract ends).

  • Backups will be available for an additional 2 weeks after data is deleted.

Encryption in Place

  • Data in transit between the Unique service and Unique clients is encrypted using TLS 1.2+ protocol.

  • Encrytion at rest: For the Unique hosted single tenant, Unique lets Azure generate keys which are stored in the Single Tenants own Key Vault. These are HSM-backed (FIPS 140-2 Level 2) 4096 bit RSA keys. The keys are still stored in an Azure Key Vault but managed by Unique. The disks are encrypted with FIPS 140-2 compliant AES256. For Unique hosted multi tenant, Unique uses Microsoft / platform managed encryption keys that are not HSM-backed.

  • Encryption for Azure Backup: For Azure Backup, all backups are encrypted.

Last updated