Data retention policy
Policy
Likewise policy requires that:
• Data must be handled and protected according to its classification requirements and following
approved encryption standards, if applicable.
• Whenever possible, store data of the same classification in a given data repository and avoid
mixing sensitive and non-sensitive data in the same repository. Security controls, including
authentication, authorization, data encryption, and auditing, should be applied according to the highest classification of data in a given repository.
• Employees shall not have direct administrative access to production data during normal business operations. Exceptions include emergency operations such as forensic analysis and manual disaster recovery.
• Employees are prohibited from downloading and storing production data on their devices.
• All Production Systems must disable services that are not required to achieve the business
purpose or function of the system.
• Any access to Production Systems must be logged.
• All Production Systems must have security monitoring enabled, including activity and file
integrity monitoring, vulnerability scanning, and/or malware detection, as applicable.
Data Protection Implementation and Processes
Customer Data Protection
Likewise hosts on Azure and AWS in the West US region by default.
All Likewise employees adhere to the following processes to reduce the risk of compromising
Production Data:
• Implement and/or review controls designed to protect Production Data from improper alteration
or destruction.
• Ensure that confidential data is stored in a manner that supports user access logs and automated
monitoring for potential security incidents.
• Ensure Likewise Customer Production Data is segmented and only accessible to customers
authorized to access data.
• All Production Data at rest is stored on encrypted volumes using encryption keys managed by
Likewise.
• Volume encryption keys and machines that generate volume encryption keys are protected from
unauthorized access. Volume encryption key material is protected with access controls such that
the key material is only accessible by privileged accounts.
Access
Likewise employee access to production is disabled by default and guarded by an approval process.
When access is approved, temporary access to production is granted. Production
access is reviewed by the security team on a case-by-case basis.
Monitoring
Likewise uses Azure Alerts, AWS CloudWatch Alarms and in-house scripts to monitor the entire cloud
service operation. If a system failure occurs and an alarm is triggered, key personnel are notified by text, chat, and/or
email message so that they can take appropriate corrective action.
Confidentiality/Non-Disclosure Agreement (NDA)
Likewise uses confidentiality or non-disclosure agreements to protect confidential information using
legally enforceable terms. NDAs are applicable to both internal and external parties. NDAs will have the
following elements:
• Definition of the information to be protected
• Duration of the agreement
• Required actions upon termination of agreement
• Responsibilities and actions to avoid unauthorized disclosure
• Ownership of information, trade secrets, and intellectual property
• Permitted use of the confidential information and rights to use information
• Audit and monitor activities that involve confidential information
• Process of notification and reporting of unauthorized disclosure or information leakage
• Information return or destruction terms when an agreement is terminated
• Actions in case of breach of agreement
• Periodic review
Data archiving and removal policy
Policy for Customer Data:
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will not be retained, and related data will be removed at the same time the account status changes to deactivated. There is no way for the customer to download or request their data.
Data storage policy
Customer Data Protection
Likewise hosts on Azure and AWS in the West US region by default.
All Likewise employees adhere to the following processes to reduce the risk of compromising
Production Data:
• Implement and/or review controls designed to protect Production Data from improper alteration or destruction.
• Ensure that confidential data is stored in a manner that supports user access logs and automated monitoring for potential security incidents.
• Ensure Likewise Customer Production Data is segmented and only accessible to customers
authorized to access data.
• All Production Data at rest is stored on encrypted volumes using encryption keys managed by Likewise.
• Volume encryption keys and machines that generate volume encryption keys are protected from unauthorized access. Volume encryption key material is protected with access controls such that the key material is only accessible by privileged accounts.
Data At Rest
Encryption
All databases, data stores, and file systems are encrypted according to Likewise’s Encryption Policy.
Data center location(s)
United States
Data hosting details
MongoDB Atlas, Azure Storage and AWS S3 buckets
Data hosting company
MongoDB Atlas, Azure and AWS
App/service has sub-processors
no