Data retention

We're required to store data in order to provide services and support you and all our other customers. Below, we specify what customer-generated data we store, how long we store it for product functionality, and why we use it to provide value to you. We also distinguish between protected health information (PHI) or not.

What we store
Description
How long
Why
Metadata (no PHI)
Any metadata about requests sent through Redox.
Indefinitely (available for 60 days via the Redox dashboard and Redox Platform API).
For (a) troubleshooting and support; (b) audit logging; and (c) informed product enhancements.
PHI in request payloads
Full request payloads containing PHI sent through Redox.
60 days.
For (a) troubleshooting and support; (b) recent transact
PHI in searches
Search index that contains salted and hashed identifiers from request payloads—including patient names and identifiers, provider IDs, and other record IDs.
60 days.
For (a) troubleshooting and support; and (b) logs in the dashboard.
PHI in data on demand
This opt-in services stores (a) patient identifiers, basic demographics; (b) provider data; (c) reference URLs to files sent to integrated systems; (d) encoded base64 strings for files sent to integrated systems; and (e) scheduling, orders, and results data.
Contract duration (data is purged within 30 days of customer account closure).
For (a) providing a database to query when your partner's integrated system doesn't support query requests; and (b) accessing stored event-based messages via query requests.

Other data

We also store data for compliance and regulatory purposes. This data isn't related to product functionality. Contact us if you have questions or would like a copy of our full data retention policy.