Owner: Multibook, Inc. · Version 1.0 · Reviewed annually.
Commitment
On termination of the service, the customer’s data is deleted within 30 days of the customer’s request, and ages out of backups within a further 30 days (30-day backup rotation). Physical storage-media disposal is handled by DigitalOcean under their ISO 27001 / SOC 2 controls.
Offboarding procedure
- Confirm & record the request. Record date, requester, and scope; confirm the effective end date with the customer.
- Export on request. If requested, produce a data export (database export and/or file export) and deliver it securely before deletion.
- Delete tenant data (≤30 days). Within 30 days: delete/disable accounts and application data, remove customer-uploaded files from object storage, and remove customer-specific credentials/integrations.
- Backups age out (≤ further 30 days). Daily database backups rotate on a 30-day schedule, so the data is automatically purged from backups within 30 days of production deletion. The rotation is verified.
- Confirm to the customer. Issue a written deletion confirmation letter stating what was deleted, when production deletion completed, and when backups will have fully aged out.
- Decommission infrastructure (if dedicated). For a single-tenant install, decommission the droplet(s) and detach/destroy the encrypted block-storage volume(s); DigitalOcean handles media sanitisation per their certifications.
Media disposal
ANTE does not own physical storage media. Block-storage volumes and their snapshots are encrypted at rest (LUKS/AES-256, DigitalOcean-managed keys); on destruction the data is unrecoverable. Physical media sanitisation/disposal is DigitalOcean’s responsibility under their ISO 27001 / SOC 2 programs.
Evidence retained
The deletion request, the confirmation letter, and the relevant audit-log entries are retained as a record of completion.