Introduction
Location Risk Intelligence is a comprehensive analysis platform for assessing and managing natural disaster and climate risk. Users calculate and retrieve scores for locations based on its addresses, geo-coordinates (latitude and longitude) or geometries (areas and lines).
Customer data is treated differently depending on how it is sent to us and how it is processed.
Note: We use the term "customer data" to refer to customers location information.
As a matter of principle, customer data is processed and stored in a profoundly secure manner at all times and without exceptions. This article describes when, where, and how long customer data is stored during the enrichment process.
To know more about our security and technical organizational measures, review our Trust Center.
Overview
This table provides a quick and high-level overview of the processing of customer data across the different access and usage types:
Access type | Usage type | Permanent storage | Temporary storage | Data deletion | Backup | Backup retention time | Backup location |
API | Synchronous | No | No | N/A | No | N/A | N/A |
Asynchronous | No | 24 h | Automatically | No | N/A | N/A | |
SaaS | Single Location | Yes | No | By a user or after end of contract | Yes | 30 days | EU |
Areas & Lines | Yes | No | By a user or after end of contract | Yes | 30 days | EU | |
Portfolios | Yes | No | By a user or after end of contract | Yes | 30 days | EU |
The individual access and usage types are described in detail in the next chapters.
Data handling while using the API
The Location Risk Intelligence API ensures secure and encrypted transmission of customer data, which promptly returns scores for each location without storing it.
The following data is stored in the log files when an API request is made:
- Timestamp
- Internal client-ID
- Total processing time
- Total number of locations
- Requested services (scores)
- Number of locations aggregated per country
This meta information is required for audit and accounting purposes. No other data is permanently persisted at any point during this process.
The API infrastructure is hosted within the EU (Netherlands). Microsoft Ireland is the sub-contractor. Backups and data retention policies do not apply as no customer data is stored.
Synchronous API call
The synchronous API request workflow looks in detail as follows:
- The user creates a JWT token from our token endpoint using a client-id and a client-secret. The JWT token is always valid for one hour.
- The user sends one or more locations to the API over an encrypted connection using the JWT token and a subscription key for authentication.
- The API request is processed within the API in near real-time, including:
- Optional: If the user sends address data, it must first be geocoded. If the customer data is already geocoded (by providing latitude and longitude), this step is skipped. The geocoding is processed in an anonymized way. It takes place anonymously concerning the customer data.
- The geocoded location data is processed against the API business logic to enrich the locations with requested scores. Data is not stored temporarily; all processing is in-memory only.
- The response API request is created within the API, including individual location information and scores.
- Log entries are generated with the above information for auditing and accounting purposes.
- The API request is sent back to the customer.
Asynchronous API call
The API also offers endpoints for asynchronous processing of requests, which is intended for larger batches (10k+).
The asynchronous API request works in the same way like the synchronous with a single difference—the requests are stored temporarily until the customer retrieves the results and then irrevocably deleted. If the results are not retrieved, the API deletes the data after 24 hours at the latest. The temporarily stored data is not backed up.
Data handling while using the SaaS Platform
The Location Risk Intelligence SaaS Platform ensures secure and encrypted transmission of customer data, which provides scores for one location, a geometry, or multiple assets grouped in portfolios. We should distinguish between these three types:
Scoring of a single location assets
A single location is either an address or geo-coordinates (by providing latitude and longitude).
To score a location, a user should select it first, either by searching for the address or geo-coordinates or by clicking directly on the map. The location information, including the scoring, is automatically saved as an asset in the user's asset list. Therefore, customer data is stored on our infrastructure but can be deleted from the asset list by the user at any time to remove all location data from the database, otherwise it will be permanently deleted when the annual subscription with the associated organization expires.
If the customer data is deleted from the asset list, the data remains in the daily backups. Backups are stored geo-redundantly within the EU in the Netherlands and Ireland with a data retention period of 30 days.
Scoring of Areas & Lines assets
Areas & Lines assets are geometries that represent areas on the map, such as an airport or a pipeline. These geometries can be created directly in the platform or uploaded as a GeoJson file.
The geometries as customer data are stored on our infrastructure. It is necessary to ensure performance, especially for large geometries where the scoring process takes longer. At the same time, it offers analysis and evaluation possibilities on the platform.
If the user uploads a GeoJson file to the platform, it will be deleted immediately after uploading and completing the scoring. If there has been an error during processing, the file will be deleted automatically after 24 hours. This gives the user time to restart the evaluation process without having to re-upload this GeoJson file. Alternatively, the user can draw a shape directly on the map.
Regardless of how the geometry asset is created, it is then stored as an asset in the database and retained until the user manually deletes it or the annual subscription with the associated organization expires.
If the user manually deletes the geometry, the data remains in the daily backups. Backups are stored geo-redundantly within the EU in the Netherlands and Ireland with a data retention period of 30 days.
Scoring of portfolios
The user can process whole portfolio, that is a list of location information. It can be a list of addresses, geo-coordinates, geometries, or mixed.
Portfolios are stored on our infrastructure. It is necessary to ensure performance, especially for large portfolios where the scoring process can take longer. It also provides analysis and reporting capabilities on the platform.
The user's portfolio spreadsheet is deleted immediately after uploading and scoring, unless there has been an upload error, in which case it is automatically deleted after 24 hours. This allows the user to restart the upload process without having to re-upload the file. After a successful upload, the portfolio data is stored in the database. As with the single location or geometry asset, the portfolio is retained until the user manually deletes it or the annual subscription with the associated organization expires.
If the customer data (portfolio) is deleted, the data remains in the daily backups. Backups are stored geo-redundantly within the EU in the Netherlands and Ireland with a data retention period of 30 days.