iComply Data Governance & Retention Policy

Effective: September 4, 2023

1. Our Commitment to Data Governance

At iComply, our commitment to privacy, security, and transparency is fundamental to our mission. This policy outlines our data governance and retention practices, which are designed to protect our clients' data, provide them with control, and adhere to the highest global standards for data protection, including the principles of GDPR, PIPEDA, and CCPA/CPRA. Our unique "Edge-AI" architecture is central to this commitment, enabling security and compliance by design.

2. Scope and Applicability

This policy applies to all data processed within iComply's software and services across all license types. It should be read in conjunction with the iComply Master Services Agreement (MSA) and any specific Service Level Agreement (SLA), which may define customized terms for your account.

3. The Data Lifecycle: Active Subscriptions

Our data management processes are designed for security and resilience throughout the lifecycle of your data.

  • Continuous Archival: All data on the iComply platform under a SaaS license is continuously archived. For operational resilience, daily archives are retained locally within the jurisdiction of origin for 90 days.
  • Long-Term Archival: Following the initial 90-day period, data is moved to secure, long-term archives. The default retention period for this data is 7 years, beginning from the date a specific record is deleted from the live platform by you, the customer. This ensures you can meet your own long-term audit and compliance obligations.
  • Customized Retention: We can implement a customized data retention timeline to meet your specific jurisdictional or organizational requirements. Please contact your account manager to discuss this.

4. Data Handling Upon Subscription Conclusion

Upon the expiration or termination of your subscription, a clear, structured process is initiated to ensure data security and privacy.

  • Decommissioning: Your active platform environment is decommissioned. Within 30 days, your data will no longer be accessible through the live platform. During this 30-day period, you may export all of your documents and data at no charge. Should you require support for a data migration out of iComply, please contact your account manager to discuss your requirements and receive a customized proposal.
  • Data in Long-Term Archival: Decommissioned account data will be maintained in our secure, long-term archives for up to 3 months, unless otherwise specified in your SLA.
  • New Subscriptions: Should you choose to subscribe to iComply services again in the future, a new, clean platform environment will be provisioned. Historical data from a previous subscription is not available to be automatically restored.

5. Data Recovery from Archives (Managed Service)

In limited circumstances, former customers may require access to historical data from our secure archives. This process is handled as a professional managed service.

  • Process: Data recovery is a manual, resource-intensive process requiring dedicated engineering and operational resources. It is not a standard feature of our SaaS offering.
  • Fees: This service is subject to fees based on the scope and complexity of the request. Please contact your account manager to discuss your requirements and receive a tailored estimate.
  • Important Considerations:
    • Recovered data, if available, is provided on an "as-is" basis and is not restored into a live iComply environment.
    • Due to the complexities of archival systems, iComply does not guarantee that all requested data can be recovered.
    • Data queued for permanent deletion at the end of its lifecycle cannot be recovered under any circumstances.

6. License-Specific Data Sovereignty

We offer different license models to provide our customers with ultimate control over their data governance.

  • SaaS Licensees: Data retention is managed by iComply according to our information security policies and procedures.
  • PaaS and IaaS Licensees: You maintain full control. Data retention is managed on your own cloud or on-premise infrastructure. Our edge-computing architecture ensures we have zero access to any data or metadata related to your account, granting you complete digital sovereignty unless you have explicitly engaged us for enhanced capabilities or managed services.

7. iComply's Architectural Advantage: Privacy, Security, and Compliance by Design

Our practices and our platform architecture are designed to provide the highest levels of privacy and security. iComply's "Edge-AI" architecture processes your customer's most sensitive KYC, KYB, and KYT data on their own device, allowing us to perform legally valid authentication, verification, and validation without taking possession of the data. This provides our customers with unmatched precision and control over their data governance, digital sovereignty, and regulatory compliance objectives.

8. Policy Governance

This policy may be updated periodically to reflect changes in regulations and best practices. The most current version will always apply. For any questions regarding this policy or our data practices, please contact our support team.