Data Retention Policy

This policy explains how LIVIS retains and deletes data in a way that prioritises confidentiality, minimisation, and participant trust.

Our principle is simple: we retain the minimum data required to deliver insight, and only for as long as it is genuinely needed.

How data is handled before retention

LIVIS is designed to process data securely and proportionately.

Transcripts are processed within Amazon Web Services (AWS), using Amazon Bedrock, in an environment built for sensitive and regulated data. Data is encrypted in transit and at rest and is not used to train AI models or shared beyond the LIVIS platform.

Analysis focuses on patterns of language and interaction rather than the subject matter of conversations.

Where additional safeguards are required, or where an individual has not consented to identifiable analysis, confidential or identifying information may be removed or redacted prior to analysis. This process may include human review to ensure appropriate handling.

Human oversight is applied to ensure data is used appropriately and outputs are suitable for feedback and development purposes.

Retention approach

1. Raw transcripts (temporary)

  • Raw transcripts are retained only for the minimum period required to deliver the agreed services securely and effectively.

  • Where redaction or safeguarding steps are required, transcripts may be held temporarily to support this process.

  • Raw transcripts are not used to train AI models and are not shared beyond the LIVIS platform.

  • Unless otherwise agreed in writing, raw transcripts are deleted once analysis and quality assurance are complete, typically within 30 days of upload and often sooner.

2. Working analysis data

  • A working version of transcript data may be retained for the duration of an engagement to support behavioural analysis, quality assurance, and feedback delivery.

  • Where identifiable analysis has been explicitly consented to, a participant’s own name may be retained.

  • All other identifying or confidential information is handled proportionately and removed where required or agreed.

  • This enables behavioural analysis, quality assurance, and feedback delivery.

  • For individual analysis, a participant’s own name may be retained where they have explicitly consented.

  • Other identifying or confidential information is handled proportionately and removed where required or where redaction has been requested, unless otherwise agreed in writing.

3. Derived insights and reports

  • Behavioural insights and reports may be retained for the life of the engagement.

  • This allows individuals or teams to revisit feedback or track change over time.

  • Reports can be deleted earlier upon request.

4. Consent records

  • Records of consent are retained for audit and compliance purposes.

  • These may be kept beyond the life of an engagement where required by law.

5. Account and contact data

  • Basic account and contact information is retained only while a relationship exists.

  • It is deleted upon request or following contract termination, unless legally required.

Secure deletion

When data is no longer required:

  • It is securely deleted from LIVIS systems.

  • Backups are overwritten in line with standard security and data management practices.

Exceptions

Where law, regulation, or contractual obligations require longer retention, LIVIS will retain only the minimum data required for compliance.

Review

This policy is reviewed periodically and updated as LIVIS evolves.

This policy is supported by LIVIS’s use of secure AWS infrastructure, Data Protection Impact Assessment, contractual safeguards, and human-in-the-loop controls.

Contact

If you have any questions about this policy or how LIVIS handles data, please contact support@livis-analytics.co.uk.