Data retention policy
The time period for which June must retain customer data depends on the purpose for which it is used. June must retain customer data for as long as an account is active or in accordance with the agreement(s) between June and the customer, unless June is required by law or regulation to dispose of data earlier or retain data longer.
Data archiving and removal policy
June must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customerβs agreement(s) with June. June may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. June hosting and service providers are responsible for ensuring the removal of data from disks allocated to June use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of June employees should have access to delete customer data.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device re-issuance in accordance with NIST Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1).
Data storage policy
Personnel should be mindful of where to store data based on the degree of classification. Where possible, personnel should observe the principle of least privilege, or sharing only what absolutely needs to be known. For example, there is no need to share restricted data to persons who do not have the need to know. Personnel should be especially mindful when sharing data to external users outside of the company.
Data center location(s)
Germany
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no