SDK Privacy Policy Contact

Data Destruction & Retention Procedure

Measures for the defensible destruction of data associated with the Abena AI SDK, including deletion on contract termination, retention expiry, or written instruction from an enterprise client.

Owner: Mobobi Ltd Applies to: Abena AI SDK (ASR, TTS, Speech-to-Intent) Last Updated: January 19, 2026
View SDK Privacy Policy info@mobobi.com
Overview

1) Scope and Design Assumptions

The Abena AI SDK is designed for on-device processing. In standard deployments, the SDK does not transmit end-user speech audio, transcriptions, contacts, or message content to Mobobi servers.

Depending on the enterprise client’s configuration and licensing model, Mobobi may optionally process limited technical data such as: (a) an anonymous device activation identifier and (b) an API key used for license validation.

Key point: In most cases, there is no personal data processed by Mobobi via the SDK. Where a client configuration enables any SDK-related technical data processing, the procedures below apply.

2) Data Categories Covered

Category Typical Source Default Retention Notes
Anonymous Device Activation ID SDK licensing / activation (optional) Contract term (or as agreed) Not linked to names/contacts; used to count unique activations.
API Key Enterprise client Active while contract is valid Identifies the client app; not an end-user identifier.
Support & Operational Records Enterprise communications Up to 24 months (or as agreed) May include ticket metadata, logs shared by the client, and admin notes.
Client-Supplied Test Data Enterprise testing (if provided) As agreed; typically ≤ 30 days Handled only under written instruction; deleted after testing/validation.

3) Triggers for Data Destruction

  • Contract termination or non-renewal.
  • Expiry of retention period defined in contract, policy, or written instruction.
  • Written instruction from the enterprise client requesting deletion or return of data.
  • Revocation of API key or deactivation of a deployment.

4) Defensible Destruction Methods

  • Application-layer deletion: Records removed from primary systems.
  • Cryptographic deletion (where applicable): Key rotation or destruction to render encrypted data unreadable.
  • Secure wipe for storage media: Industry-standard secure deletion procedures for managed systems.
  • Backups: Deletions propagate via backup rotation; where feasible, targeted deletion is performed.

5) Return, Deletion & Confirmation Workflow

  1. Identify scope: Determine systems and record types applicable to the request/contract.
  2. Return (if required): Provide client-owned data in an agreed format (where applicable).
  3. Execute deletion: Remove applicable records and revoke credentials (e.g., API keys).
  4. Backup rotation: Document expected final expiration date for backup roll-off.
  5. Confirm in writing: Provide written confirmation of deletion and/or a destruction statement on request.

6) Timeframes

  • Initiation: Within 5 business days of verified written instruction.
  • Completion (production systems): Typically within 30 days (or as agreed).
  • Backups: Final removal occurs as backups expire under the configured schedule.

7) Auditability & Evidence

  • Destruction statement confirming actions performed and dates.
  • Contract clauses describing data handling, retention, and deletion triggers.
  • Architecture/data-flow summary demonstrating on-device processing and minimal server-side data.