Data Retention
Atrium handles personal data (PII) with configurable retention policies, designed for GDPR compliance. Data is automatically purged after the retention period expires, and can be deleted manually at any time.
What constitutes PII in Atrium
| Data category | Examples | Where stored |
|---|---|---|
| Visitor identity | Name, email, company | visitors table |
| Visit records | Check-in/out times, host, purpose | visits table |
| Signatures | Signature images, stroke data | Binary artifacts linked to visits |
| Archived documents | Signed PDFs | File storage linked to visits |
| Network data | IP address, MAC address, WiFi session logs | wifi_vouchers, agent event logs |
| Contact data | Email in pre-registration emails | Transient (email delivery) |
Default retention periods
| Data type | Default retention | Rationale |
|---|---|---|
| Visitor records (visits, profiles) | 12 months | Balances operational value with data minimization. |
| Signed documents (PDFs, signatures) | 36 months | Compliance requirements for contract-like documents (NDAs). |
| Audit log | 36 months | Required for security and compliance reviews. |
| WiFi session logs | 12 months | Consistent with visitor record retention. |
Retention periods are configurable per tenant. Shorter periods are always allowed. Longer periods may be required by industry-specific regulations.
Automatic purging
Atrium periodically scans for data that has exceeded its retention period and purges it automatically. When a visitor record is purged:
- The visitor profile is deleted.
- All visit records for that visitor are deleted.
- All associated signature data is deleted.
- All archived PDFs for that visitor are deleted.
- WiFi voucher records are deleted.
- Event references to the visitor (in NATS streams) are already PII-free — events reference visitors by ID, not by name or email. The IDs become orphaned references, which is harmless.
Audit log entries referencing the deleted visitor remain (they record that something happened, not the visitor's personal details).
Manual deletion
Tenant-Admins can delete individual visitor records at any time:
- Navigate to the Visitor Directory.
- Find the visitor.
- Click Delete and confirm.
This immediately deletes the visitor and all associated data, regardless of the retention period.
Right to erasure (GDPR Article 17)
If a visitor exercises their right to erasure, delete their visitor record via the admin dashboard. This removes all personal data Atrium holds about them. Confirm the deletion with the requesting individual and document the response for your records.
Atrium doesn't provide a self-service deletion portal for visitors — erasure requests are handled by the tenant's data protection contact and executed by a Tenant-Admin.
Data in external systems
Atrium's retention policies only apply to data stored within Atrium. If CRM integration is configured, visitor data that has been synced to your CRM must be managed under your CRM's own retention policies. Deleting a visitor in Atrium does not automatically delete them in Salesforce, HubSpot, or other connected systems.