Data Deletion Policy

Overview

  • DurhamONE takes a principled approach to the storage and deletion of Customer Data. The DurhamONE website is engineered to achieve a high degree of speed, availability, durability, and consistency, and the design of systems optimized for these performance attributes must be balanced carefully with the need to achieve timely data deletion.

  • When you delete your Customer Data, DurhamONE’s deletion pipeline begins by confirming the deletion request and eliminating the data iteratively from application and storage layers, from both active and backup storage systems.

  • The logical deletion occurs in phases, beginning with marking the data for deletion in active storage systems immediately and isolating the data from ordinary processing at the application layer. Successive compaction and mark-and-sweep deletion cycles in DurhamONE’s storage layers serve to overwrite the deleted data over time. Cryptographic erasure is also used to render the deleted data unrecoverable. Finally, backup systems containing snapshots of DurhamONE active systems are retired on a standard cycle.

  • Deletion from application and storage layers may occur immediately depending on how the storage of the data has been configured and the timing of ongoing deletion cycles in the relevant storage layers and data centers. Deletion from active systems typically completes within about two months of the deletion request. Finally, Customer Data is removed from DurhamONE’s long-term backup systems, which preserve snapshots of DurhamONE’s systems for up to six months (180 days) to guard against natural disasters and catastrophic events.

Data Deletion Pipeline

Once Customer Data is stored in the DurhamONE Platform, our systems are designed to store the data securely until it completes the stages of DurhamONE’s data deletion pipeline. This section describes this process in detail.

Stage 1 - Deletion Request

The deletion of Customer Data begins when the customer initiates a deletion request. Deletion requests may be handled in different ways depending on the scope of the customer’s request:

Resource Deletion: Individual resources containing Customer Data, such as the DurhamONE website, can be deleted upon request.

Account Deletion: When you delete your DurhamONE account, it deletes all DurhamONE posts that are solely owned by you. Note that when there are multiple owners for a project, the project is not deleted until all owners are removed from the project or delete their DurhamONE accounts.

While deletion requests are designed primarily to be used by Customers to manage their data, DurhamONE may issue deletion requests automatically, for instance when a customer terminates their relationship with DurhamONE.

Stage 2 - Soft Deletion

Soft deletion is the natural point in the process to provide a brief internal staging and recovery period to ensure that there is time to recover any data that has been marked for deletion by accident or error. Individual DurhamONE products may adopt and configure such a defined recovery period before the data is deleted from the underlying storage systems so long as it fits within DurhamONE’s overall deletion timeline.

When a DurhamONE account is closed, DurhamONE may impose an internal recovery period of up to 30 days, depending on past account activity. Once that grace period expires, a signal containing the deleted billing account’s user_id is broadcast, and resources tied solely to that user_id are marked for deletion.

Deletion Timeline

DurhamONE’s website is engineered to achieve a high degree of speed, availability, durability, and consistency, and the design of systems optimized for these performance attributes must be balanced carefully with the need to achieve timely data deletion. DurhamONE commits to delete Customer Data within a maximum period of about six months (180 days). This commitment incorporates the stages of DurhamONE’s deletion pipeline described above, including:

Stage 1 - Once the deletion request is made, data is typically marked for deletion immediately and our goal is to perform this step within a maximum period of 24 hours. After the data is marked for deletion, an internal recovery period of up to 30 days may apply depending on the service or deletion request.

Stage 2 - The time needed to complete garbage collection tasks and achieve logical deletion from active systems. These processes may occur immediately after the deletion request is received, depending on the level of data replication and the timing of ongoing garbage collection cycles. From the deletion request, it generally takes about two months to delete data from active systems, which is typically enough time to complete two major garbage collection cycles and ensure that logical deletion is completed.

Stage 3 - DurhamONE’s backup cycle is designed to expire deleted data within data center backups within six months of the deletion request. Deletion may occur sooner depending on the level of data replication and the timing of backup cycles.
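The soft-deletion grace period, cryptographic erasure and backup expiry described under Stage 2 and in the timeline above, modelled as an added example (this is not DurhamONE's code; the HMAC-based stream cipher, the Account class and its methods are assumptions standing in for the real application and storage layers):

```python
import hashlib, hmac
from datetime import datetime, timedelta
GRACE_PERIOD = timedelta(days=30)        # internal recovery period after soft deletion
BACKUP_RETENTION = timedelta(days=180)   # backup snapshots are retired on this cycle

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy CTR-style cipher from an HMAC-SHA256 keystream (an assumption standing in
    # for the platform's real encryption); XOR is symmetric, so it also decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Account:
    def __init__(self, key: bytes):
        self.key = key          # per-account data key; None once cryptographically erased
        self.active = {}        # resource name -> ciphertext in active storage
        self.backups = []       # (snapshot time, {resource: ciphertext}) long-term copies
        self.marked_at = None   # time of the soft-deletion mark, if any
    def store(self, name: str, plaintext: bytes) -> None:
        self.active[name] = stream_xor(self.key, name.encode(), plaintext)
    def snapshot(self, at: datetime) -> None:
        self.backups.append((at, dict(self.active)))
    def read(self, name: str):
        # Marked data is isolated from ordinary processing at the application layer.
        if self.marked_at is not None or self.key is None or name not in self.active:
            return None
        return stream_xor(self.key, name.encode(), self.active[name])
    def request_deletion(self, at: datetime) -> None:
        self.marked_at = at     # Stage 1: mark immediately; the grace period starts now
    def restore(self, at: datetime) -> bool:
        if self.marked_at is None or at - self.marked_at > GRACE_PERIOD:
            return False        # recovery only while the grace period is running
        self.marked_at = None
        return True
    def sweep(self, at: datetime) -> bool:
        # After the grace period: destroy the key (cryptographic erasure) and drop the
        # active ciphertexts; any backup snapshot left is now undecryptable.
        if self.marked_at is None or at - self.marked_at <= GRACE_PERIOD:
            return False
        self.key, self.active = None, {}
        return True
    def expire_backups(self, at: datetime) -> int:
        kept = [b for b in self.backups if at - b[0] < BACKUP_RETENTION]
        expired, self.backups = len(self.backups) - len(kept), kept
        return expired
    def recoverable(self) -> bool:
        return self.key is not None and bool(self.active or any(s for _, s in self.backups))
```

The point worth checking is that after sweep() the snapshot still sits in backups but recoverable() is already False, because the key, not the backup medium, is what gets erased first.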