1.6 KiB
Data Storage Policies & Procedures
Potential PII Locations
Tables
users1
- name
- email_address
- mobile_number
invited_users1
- email_address
invited_organization_users1
- email_address
jobs
No db data is PII, but each job has a csv file in s3 containing phone numbers and personalization data.
notifications
- to
- normalized_to
- _personalization2
- phone_prefix3
notification_history
- phone_prefix3
inbound_sms
- content2
- user_number
events
- data (contains user IP addresses)1
Notes
Note 1.
Users and invited users are Federal, State, or Local government employees or contractors. Members of the general public are not users of the system
Note 2.
Field-level encryption is used on these fields.
Details on encryption schemes and algorithms can be found in SC-28(1)
Note 3.
Probably not PII, this is the country code of the phone.
Data Retention Policy
Seven (7) days by default. Each service can be set with a custom policy via ServiceDataRetention by a Platform Admin. The ServiceDataRetention setting applies per-service and per-message type and controls both entries in the notifications table as well as csv contact files uploaded to s3
Data cleanup is controlled by several tasks in the nightly_tasks.py file, kicked off by Celery Beat.