Overview
Privacy and retention controls ensure that client and end-user information is handled responsibly. Codexium builds privacy principles and retention rules directly into our architectures and operational processes.
Privacy by Design
- Minimizing collection of personal or sensitive data.
- Using pseudonymization or tokenization to reduce direct identifiers where feasible.
- Isolating production data and limiting its use in non-production environments.
Data Retention Policies
For each system, Codexium defines what data is stored, how long it is retained, and how it is archived or deleted:
- Transactional data retention periods aligned with business needs.
- Log retention chosen to balance visibility and privacy.
- Backup retention aligned to recovery objectives and regulation.
Data Subject Rights Support
When Codexium acts as processor, we support client-directed data subject requests such as access, correction, portability, and deletion. We provide the technical mechanisms to locate, export, or remove data where feasible and lawful.
Secure Deletion
- Use of cloud-native lifecycle policies and secure erase mechanisms.
- Alignment of backup deletion with retention policies and legal holds.
Shared Responsibilities
Client
- Define legal and regulatory retention requirements.
- Communicate privacy obligations and subject-rights needs.
Codexium
- Implement retention rules and automate lifecycle where possible.
- Limit access to personal data based on need-to-know.
Cloud Provider
- Provide secure deletion and lifecycle tooling.
- Document data residency and replication behavior.