Data Retention Policy
This policy sets out our standard data retention policy and distinguishes between the types of information that are automatically held by Sitekit CMS. Revised for CMS release 10.3
Implementation
This policy is technically implemented by a series of automated cleanup tools and PET (Privacy Enhancing Technology) features built into Sitekit CMS.
What this covers
This policy covers all data on Sitekit CMS, as applied to the Sitekit shared environment. This policy does not include any data being stored outside of Sitekit CMS, or any data on your own deployed or dedicated installation of Sitekit CMS. It does not cover data stored as part of bespoke Sitekit development. It only covers sites running on our secure shared hosting environment.
The policy presently covers archived data in the backend of Sitekit CMS. There will be no automatic cleanup of public facing parts of any website. This means that pages on the public facing website are safe and will not be changed.
For any elements not listed below our current retention policy is to aim to hold all other data indefinitely. We may change this as systems and site architecture evolve but will always tell clients in advance of any important changes.
There may be exceptions to this policy, and if your own data retention needs are beyond those provided for below then you should contact support@sitekit.net and request an exception.
Hosting space
Hosting space on Sitekit CMS does not include the Sitekit CMS footprint, therefore archived data is not counted towards your allocated space. Data retention is completely separate to the storage space that clients purchase. Clients who purchase a smaller storage allocation on the shared environment will not be penalised and will benefit from the same data retention policy as those who pay for more storage space. Likewise, additional storage space does not mean unfairly exaggerated data retention.
Action you may wish to take
If you wish to keep any data for any periods longer than those mentioned below then you must ensure that you have a process and means to store the data to ensure it is not automatically removed.
Any data retention period set within the system should be treated as a baseline maximum period, you may wish to remove unnecessary information more frequently in accordance with your own policy.
It should be noted that Sitekit CMS can help automate parts of a good data protection policy, but it cannot remove or replace your responsibility under The UK Data Protection Act (DPA) or the EU Data Protection Directive.
Sitekit CMS is first and foremost a content management system, and should not be used to replace long term storage systems employed in retaining information required for administration or regulatory purposes. Some of the retention policies below have not yet been applied but Sitekit reserve the right to do so.
Specific details for information types:
| Area | Default retention policy | What this affects | Current action |
|---|---|---|---|
| Sitekit history data | Rolling 12 month retention | This relates to the history of changes within Sitekit CMS and is exposed through the interface primarily as the audit trail. | Was SiteKit_HistoryXMLArchive is now AssetHistoryMeta, not currently managed |
| Sitekit admin sessions | 24 hour retention | This relates to the active logged in session within the admin system. | 24 hours , managed via trackerbatchjob |
| Sitekit events | 30 day retention | This affects the standard events module available on all sites. | Not currently managed |
| Sitekit file downloads | Rolling 12 month retention on any non-live data | This relates to only non-live (superseded) versions of a file. Live files are set to be retained indefinitely. | Not currently managed |
| Sitekit form submissions | Rolling 12 month retention | This relates to information transmitted by a visitor via a Sitekit form. |
Not currently managed |
| Sitekit mailing list subscribers | Rolling 12 month retention | This relates to contact details either from opted in users or bulk uploaded subscriber list | Not currently managed |
| Sitekit tracking files | Rolling year retention | This relates to tracking information on files - this is presently exposed via the admin system in the file library and in the statistics report. | 1 year , managed via trackerbatchjob, held in Assethits. |
| Sitekit tracking images | Rolling year retention | This relates to tracking information on images - this is presently not exposed via the admin system, but can be manually extracted. | 1 year , managed via trackerbatchjob, held in Assethits |
| Sitekit tracking search | Rolling 30 day retention | This relates to the history of searches which have been carried out by visitors on the live site. | 30 days (configurable in web.config) , managed via trackerbatchjob. |
| Sitekit visitor sessions | deleted nightly | This relates to the history of individual visitor sessions on the website, it is typically exposed via the 'who's on' report. | All deleted every night , managed via trackerbatchjob |
| Sitekit wastebasket contents | Retention TBC | This relates to items deleted by administrators | This means that your wastebasket will periodically empty. Not currently managed |
| Sitekit postcard results | 12 month retention | This relates to individual messages sent via the e-cards or postcard module. Although there is no interface to extract this data, it is retained for historic purposes | This functionality is deprecated and will be deleted in a subsequent release. |
| Sitekit directory pro events | 30 day retention | This affects individual events from the 'directory pro' module, This is the advanced events module which is in use in a limited number of sites. | Not currently managed |
| Sitekit directory pro front end log | Rolling 60 day retention | This relates to 'directory pro' which is an advanced directory module used on a small number of sites. The data is kept for system reasons and is not visible to the public or to users of the admin system. | Not currently managed |