Retention & Deletion

How enterprise speech data is retained, deleted, and governed across its lifecycle.

Retention and deletion terms are defined contractually per engagement.

This page provides an overview for legal and procurement review. Specific retention schedules and deletion triggers are defined in contract documents.

Executive Summary

  • Retention and deletion terms are defined contractually per engagement.
  • No uncontrolled or indefinite retention of enterprise speech data.
  • Deletion obligations are enforceable and documented in DPA.
  • Dataset lifecycle is tracked and auditable throughout project duration.
  • Provenance and audit trails may persist where contractually required.
  • Retention schedules aligned to client requirements and regulatory obligations.
  • End-of-engagement data handling defined during scoping phase.
  • Client control over retention and deletion requirements is contractual.
  • Deletion mechanisms distinguish between raw data, derived datasets, and audit artifacts.

Retention Principles

Retention policies for enterprise speech data vary by engagement based on client requirements, regulatory obligations, and the nature of the data processing activities.

No fixed retention schedule: We do not apply a single fixed retention period across all projects. Retention is aligned to the specific needs of each engagement.

Scoping process: Retention requirements are established during the scoping phase through consultation with your legal, compliance, and procurement teams. Requirements are documented in the DPA.

Regulatory alignment: Retention schedules take into account applicable regulatory frameworks including GDPR, sector-specific regulations, and internal retention policies.

Retention periods are defined contractually and included in the DPA Annex for internal review.

Deletion and Erasure Handling

Deletion obligations are documented in the DPA and enforced according to contractually defined procedures.

Deletion triggers: Deletion may occur at end of engagement, upon client request, at expiration of retention period, or according to other triggers defined in the DPA.

Deletion procedures: Procedures are defined contractually and include verification steps where required. Deletion encompasses data across production systems, backups, and other storage locations as specified in the DPA.

Data types: The DPA distinguishes between raw data, derived datasets, processed outputs, and audit artifacts. Deletion obligations may differ by data type.

Deletion verification: Where contractually required, we provide deletion certificates or attestations confirming deletion actions.

Specific deletion timelines and procedures are provided for internal review during scoping.

Client Control and Instructions

Clients define retention and deletion requirements during scoping. These requirements are documented contractually and govern data lifecycle handling throughout the engagement.

Retention requirement definition: Clients specify retention periods, deletion triggers, and end-of-engagement handling during the scoping phase.

Instruction mechanisms: Instructions regarding data retention and deletion are provided through contractual documentation. Changes to retention or deletion requirements are handled through formal change procedures.

Change procedures: Where requirements change during the engagement, changes are documented through contract amendment procedures defined in the engagement agreement.

Client control over retention and deletion is a negotiated component of the DPA and engagement agreement.

Auditability and Provenance Considerations

Audit trails and provenance records support compliance obligations and long-term traceability of dataset origins.

Audit trail retention: Provenance and audit records may be retained separately from raw data to support compliance, internal audit, and external audit requirements.

Balance with deletion: The DPA addresses the balance between deletion obligations and audit retention requirements. Where audit artifacts must be retained, this is documented contractually.

Audit retention periods: Audit trail retention periods may differ from raw data retention periods. Specific retention windows for audit artifacts are defined in the DPA.

Audit and provenance handling is defined contractually during scoping to ensure alignment with compliance obligations.

End-of-Engagement Handling

Data handling at project completion is defined contractually and varies by engagement type and client requirements.

Typical options: End-of-engagement options include secure deletion, return of data to client, or continued retention for a defined period. The chosen approach is documented in the DPA.

Handover procedures: Where data is returned to the client, handover procedures are defined contractually including format, delivery mechanism, and verification.

Deletion at completion: Where deletion is chosen, deletion occurs according to the timeline defined in the DPA. Deletion encompasses all data types and storage locations as specified.

Continued retention: In some engagements, data may be retained beyond engagement completion for warranty, support, or other defined purposes. Continued retention is documented contractually.

End-of-engagement actions are finalized during scoping and documented in the engagement agreement.

Retention & Deletion FAQ

How long is speech data retained?

Retention periods vary by engagement and are defined contractually during scoping. We do not apply a single fixed retention schedule across all projects. Retention is aligned to client requirements, regulatory obligations, and the nature of the engagement. Specific retention windows are documented in the DPA.

Can we enforce our own retention policy?

Yes. Client retention requirements are defined during scoping and documented contractually. We align our retention practices to your internal retention policies and regulatory obligations. Retention schedules are a negotiated component of the engagement agreement.

How do deletion requests work?

Deletion procedures are defined in the DPA and vary by engagement type. Deletion requests are handled according to contractually defined processes. We support deletion at the end of engagement, upon client request, or according to agreed retention triggers. Deletion handling is documented and auditable.

What happens to data after project completion?

End-of-engagement data handling is defined contractually. Options typically include return of data, secure deletion, or continued retention for a defined period. The chosen approach is documented in the DPA and agreed upon during scoping.

Are backups covered by deletion obligations?

Backup handling and deletion timelines are addressed in the DPA. Deletion obligations typically extend to backups, though backup deletion may follow a defined schedule due to technical constraints. Backup retention and deletion procedures are documented contractually.

How does audit retention affect deletion?

Audit trail and provenance records may be retained separately from raw data to support compliance obligations. The balance between deletion and audit requirements is defined contractually. We document which artifacts are retained for audit purposes and for how long.

Can deletion be verified?

Deletion procedures include verification steps defined in the DPA. We can provide deletion certificates or attestations where contractually required. Verification mechanisms are defined during scoping.

What if regulatory requirements change?

Changes to retention or deletion requirements due to regulatory updates are handled through contract amendment procedures. We work with your legal and compliance teams to document changes appropriately and ensure ongoing compliance.

How are retention requirements documented?

Retention schedules are documented in the DPA Annex and referenced in the engagement agreement. Documentation includes retention periods, triggers for deletion, and responsibilities for data lifecycle management.

Can we extend retention beyond initial agreement?

Retention period extensions are handled through formal change procedures defined in the engagement agreement. Extensions require mutual agreement and are documented contractually.

What happens if we need early deletion?

Early deletion requests are handled according to the procedures defined in the DPA. We support early deletion where contractually feasible. The process and timeline for early deletion are defined during scoping.

How is deletion different from anonymization?

Deletion refers to removal of data from systems. Anonymization refers to transformation of data such that it cannot be linked to individuals. The DPA specifies which approach is used under which circumstances, and whether anonymized data may be retained.

Related Pages

Speech Data Overview — Main enterprise speech data landing page
DPA Overview — Data Processing Agreement governance
Data Residency — Jurisdiction and sub-processor disclosure
Technical Specifications — Audio formats, delivery, and QA outputs

Next Step

Request an enterprise consultation

Project-specific retention schedules are finalized during scoping.