Customer data stored by Apperio is only retained for as long as it is needed, and then deleted.
Upon termination of a customer contract, data stored in Apperio for the customer will be deleted. In the case of legal time entry data, law firms are contacted to request that they stop sending data to Apperio for the customer. For all other data stored in the customer account, this is deleted as part of the account deletion.
Data backups are retained for 21 days. Deleted data may still be held in backup systems during this time period and will be permanently removed as backups expire.
All data stored in Apperio is encrypted at rest and so cannot be recovered from storage devices without the encryption keys. In addition to this, when storage devices are decommissioned, they are sanitised using techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”).