Data Management and Retention Policy

Collected Data

Ubidots primarily collects three (3) types of data from each account:

1. User Data

Account data, along with individual session data, is stored in an internal admin system as well as in various marketing and product analytics tools we use:

  • Internal Admin System: Our internal database, complemented by a web application for management, contains all account information:

    • Owner ID

    • Name

    • Email

    • Created at

    • Credit card (Last 4 digits)

    • Last activity

    • End data reception

    • End of trial

    • Type of account (STEM, trial, customer, or internal)

    • Status (active or inactive)

    • Invoice to

    • Balance

    • Plan name and details

    • Historical invoices

    • User logs: plan changes, balance changes, and access logs

    • Flags: Enabled and disabled features

    • Limits: Plan limits

    • Usage for each overage item, per day

    • Tokens and token logs: Securely hashed account API tokens, used for modifying rate limits and debugging token logs.

  • Intercom: Intercom collects and stores various user data to provide enhanced support and communication capabilities, including:

    • User attributes: Name, email, company, role, and other profile information.

    • Interaction history: Support tickets, chat transcripts, and communication logs.

    • User behavior: Page views, clicks, session duration, and usage patterns within the application.

    • Technical details: IP address, browser type, operating system, device type, and geographic location.

    • Communication preferences: User's subscription status to different communication channels and preferences for receiving notifications.

  • Mixpanel: Mixpanel tracks detailed application usage and user behavior analytics, collecting data such as:

    • User attributes: Name, email, and other profile information.

    • Application events: CRUD (Create, Read, Update, Delete) operations for entities such as devices, variables, dashboards, events, users, roles, organizations, apps, device groups, and device types.

    • Session data: Session start and end times, duration, and frequency of use.

    • Technical details: IP address, browser type, operating system, device type, and geographic location.

    • User interactions: Clicks, form submissions, navigation paths, and feature usage within the application.

  • Stripe: We use Stripe for processing payments. Stripe handles all payment information securely and does not share full credit card details with us. Instead, we can only see limited information such as:

    • Last 4 digits of the credit card number

    • Card type (e.g., Visa, MasterCard)

    • Expiration date

    • Billing address

    • Payment history

    Stripe ensures that all sensitive payment information is encrypted and securely processed, adhering to strict PCI compliance standards. This means that full credit card numbers and other sensitive payment details are never accessible to us.

  • Google Tag Manager: Tracks application-specific events.

  • Google Analytics: Tracks user sessions.

  • Zapier: Integrates various services, storing user data such as emails in execution logs.

  • Brevo: Used primarily for newsletters, storing user emails.

  • Webflow: Used for creating online forms for marketing purposes. Form submissions trigger workflows that capture user data.

  • Typeform: Used for in-app questionnaires, capturing user email and responses.

  • Nativeforms: Also used for in-app questionnaires, capturing user email and responses.

  • Discourse: Used for our community forums, storing usernames and emails for registered users.

  • Stripe: Email and payment information. Please note, we do not have access to the

2. Platform Data

Platform data is stored in a separate system where our entire product resides. The following entities are stored in a relational database:

  • Devices

  • Variables

  • Dashboards

  • Events

  • Users

  • Roles

  • Organizations

  • Apps

  • Device groups

  • Device types

  • Ubifunctions

  • Plugins

3. Time-Series Data

The "dots" related to each variable are stored in a separate time-series database.

Data Duplication

We strive to avoid data duplication whenever possible. However, there may be instances where, for programmatic or business reasons, it is necessary for data to be held in more than one place:

  • Some account data, such as a user's email, may reside in multiple systems (Internal Admin, Intercom, Brevo, and Mixpanel).

  • Time-series data resides in a database cluster with at least three (3) nodes, an architecture designed for fault tolerance.

Data Retention & Purging

Both account data and platform data are retained from the time of signup for as long as the user continues to use Ubidots. Data will only be deleted and purged under the following circumstances:

Account Deactivation

Before definitive deletion, a user-deleted account is first set internally to "inactive"; it then enters the deletion and data purging process.

  • For Free STEM Users: If the user hasn’t logged in for 90 days, or if the account was created but the user never returned (“create_date” > 30 days AND “last_seen_day” = “create_date_day”), the account will be automatically deactivated. Even if the user has public dashboards or actively sends data but never logs in, the account will still be set to inactive.

  • For Paying Customers: If the user requests account deletion, either in-app or through our sales or support channels, the account is set to inactive.

Data Purging

After 5 days of deactivation, data is purged as follows:

  • Account Data: The account is anonymized using a random email, which allows synced processes to further anonymize trails in external marketing systems such as Intercom, Brevo, and Mixpanel.

  • Platform Data: No personal data is retained. Periodic data purging tasks delete all inactive account data every 6 months.

  • Time-Series Data: No personal or device data is retained, only time-series data associated with variable IDs (without names or metadata). As part of the time-series database maintenance, purging and compacting tasks delete data from inactive accounts every 12 months.

Please note that even after successful purging of the above data, user data may still reside in a database backup. Such a backup will still disappear automatically after a period of time, according to our backup policies.

IT Requirements Met:

  1. 183. Delete sensitive data securely

  2. 314. Provide processing confirmation

  3. 317. Allow erasure requests


Last updated 11 months ago