Data retention
Data retention ensures that unnecessary data is not kept on your system, and is beneficial to:
- ensure compliance with data protection rules governing collected data
- reduce exposed data in case of a security breach
- reduce disk space usage
- ensure recent form submissions are not lost in outdated ones
Jadu Central provides three ways of clearing down unnecessary data:
Site-wide data retention policies
Site-wide data retention policies are applied to all forms that do not have their own form-specific policies. Data retention will check for forms to clear down every ten minutes by default.
When creating site-wide retention policies, do not "mix and match" classic and new form builder statuses as this can lead to unintentional retention actions.
The form statuses associated withh Classic forms are:
- Pending
- In Progress
- Completed - Approved
- Completed - Declined and Terminated
Managing site-wide data retention policies
Data retention policies are managed via the Forms menu.
If your account has permission to access Data retention, you navigate to it's management area by the following:
- Click the Forms icon in the left navigation bar. The Forms menu will open.
- Click the Data retention link.
Retention policy fields
| Field | Notes | Required? |
|---|---|---|
| When form is | How old a submission needs to be before data removal is triggered. | |
| And has status | The form statuses covered by this policy | ✅ |
| Submission type | The types of submission covered by this policy - internal, registered user or unregistered user submissions | ✅ |
| Remove | The type of data removed by the policy. See the note on data types below | ✅ |
| Confirmation | Confirmation that the action of the policy is understood prior to being enacted. | ✅ |
Form-specific data retention policies
For some forms, it may be necessary to clear down submissions sooner than the defined site-wide policies would.
To configure form specific data retention:
- Navigate to the form record and open the Data Retention tab.
- Enable Override global policies
- Policies can now be created, edited and deleted in the same way as when creating site wide policies.
Retention on Submission
In rare cases, data submitted to a form may be so sensitive that it cannot be kept for any time at all. For such situations data retention on submission may be used to remove all user data once the form submission process completes. Reporting data is retained to allow investigation of any problem submissions.
Due to the destructive nature of retention on submission, there is no option to apply it site-wide. It should only be enabled once third-party integrations are set up and successfully tested.
To configure retention on submission:
- Navigate to the form record and open the Data Retention tab.
- Enable Override global policies and then enable Clear user data on submission in the Settings side bar.
When using retention on submission, it is important that the form has at least one third-party integration form action set up. Otherwise, the user's submission can never be processed. Example actions include Jadu Connect, custom CRM systems or even a simple email alert to a back office system.
Order of processing and action failure
Form actions are fired before data is removed, and Jadu Central will not clear down data unless all actions complete successfully. Any submission where an action has failed can then be processed manually, and cleared by a reporting data policy at a later date.
If used, the PDF Generation action will be fired before retention. If all actions complete successfully, the generated PDF will be cleared down, so the customer will be unable to download it via the confirmation page. It should instead be attached to an email alert sent from the form.
Any custom actions or existing CRM integrations will not prohibit retention on submission if they fail, unless custom development is undertaken.
Types of data
Reporting data
- required by Jadu Central to all the user to continue completing the form
- anonymous
- safe to keep in the application for long periods
- useful to remove after a long period to save disk space
User data
- anything used to identify the user, or that belongs to the user. Such as the user's answers to form questions, any files uploaded to the form and the user's email if provided.
- far more sensitive than reporting data
- should be removed once it is no longer required in line with data protection legislation
Data removal scope
For reference, the table below shows the data that each removal type will clear.
| Data | Cleared by 'User Data' policies | Cleared by 'Entire Submission' policies |
|---|---|---|
| Personal data from form e.g. IP address, email address | Yes | Yes |
| Answers to questions on the form | Yes | Yes |
| Any files uploaded as part of the form submission | Yes | Yes |
| PDF generated as part of 'PDF Generation' action | Yes | Yes |
| Record of emails sent | Yes | Yes |
| Record of submission to Jadu Connect, if in use | Yes | Yes |
| Record of form actions fired | Yes | Yes |
| Submission record (reference, date started and completed) | No | Yes |
| Jadu PayBridge order notes and customer information (if Jadu PayBridge is in use) | Yes | Yes |
| Jadu PayBridge order payee (if Jadu PayBridge is in use) | Yes | Yes |
| Jadu PayBridge order item (if Jadu PayBridge is in use) | No | Yes |
| Jadu PayBridge order (if order contains only one item) | No | Yes |
Tips for setting up policies
- It is not possible to create a user data policy that runs after a reporting data policy, and clears down forms of the same status and submission type. This is because the user data policy would never run - if the entire submission is removed there is no user data left.
- Once a user data policy runs, any affected user forms will be in the 'Retentioned' state. If you wish to subsequently clear reporting data from these forms, the reporting data policy must apply to the 'Retentioned' status.
- When setting up policies, Jadu Central may highlight one or more of them as redundant. To fix this, ensure that each status is only affected by (at most) one user data and one reporting policy. Also, when setting up user data policies, check that each user data policy run before any reporting data policy that clears forms of the same status and submission type.