This policy explains how LIVIS retains and deletes data in a way that prioritises confidentiality, minimisation and responsible organisational insight.

Our principle is simple: retain the minimum data required to deliver agreed behaviour insight, and only for as long as it is genuinely necessary.

How data is handled

LIVIS is designed to process behaviour data securely, proportionately and responsibly.

Data is processed within Amazon Web Services (AWS), using Amazon Bedrock, in infrastructure designed for sensitive and regulated environments. Data is encrypted in transit and at rest and is never used to train public AI models.

Analysis focuses on behaviour patterns, communication dynamics and organisational interactions rather than the subject matter of conversations.

Where additional safeguards are required, confidential or identifying information may be removed or redacted before analysis takes place.

Human oversight is applied throughout engagements to ensure data is handled appropriately and outputs remain proportionate, contextual and suitable for organisational use.

Retention approach

• Raw transcripts (Temporary)

Raw transcripts are retained only for the minimum period required to deliver agreed services securely and effectively. Where safeguarding, redaction or quality assurance processes are required, transcripts may be retained temporarily to support these activities. Raw transcripts are never used to train AI models and are not shared beyond LIVIS systems and agreed delivery environments. Unless otherwise agreed in writing, raw transcripts are deleted once analysis and quality assurance are complete, typically within 30 days of upload and often sooner.

• Working analysis data

Working analysis data may be retained for the duration of an engagement to support behaviour analysis, quality assurance and delivery of agreed insight. Where identifiable analysis has been explicitly agreed and consented to, limited participant identifiers such as names may be retained where operationally necessary. All other confidential or identifying information is handled proportionately and removed where appropriate or requested.

• Behaviour insights and reports

Behaviour insights, reports and organisational outputs may be retained for the duration of an engagement and any agreed follow-on work. This enables organisations to revisit insight, understand behavioural change over time and support ongoing behavioural visibility where applicable. Reports and derived outputs can be deleted earlier upon request where contractually appropriate.

• Consent and governance records

Records relating to consent, governance and engagement approval may be retained for audit, compliance and legal purposes. These records may be retained beyond the life of an engagement where required by law or contractual obligation.

• Account and contact information

Basic account and contact information is retained only while a working relationship exists. Information is deleted upon request or following the end of a contractual relationship unless retention is legally required.

Secure Deletion

When data is no longer required:

• It is securely deleted from LIVIS systems

• Backups are overwritten in line with standard security and infrastructure management practices

• Access permissions are removed where appropriate

Exceptions

Where legal, regulatory or contractual obligations require longer retention, LIVIS will retain only the minimum data necessary to meet those obligations.

Review

This policy is reviewed periodically and updated as LIVIS evolves. The policy is supported by LIVIS’s wider governance framework, including secure AWS infrastructure, Data Protection Impact Assessments, contractual safeguards and human oversight controls.

Contact

If you have any questions about this policy or how LIVIS handles data, please contact: support@livis-analytics.co.uk